US cyber authorities have issued a 72-hour deadline for Google users to update Chrome to fix active vulnerabilities.
Exploits allow hackers to gain remote access to a system using errors in memory, allowing them to collect personal data without the user’s knowledge.
The Cybersecurity and Infrastructure Security Agency (CISA) has added both threats to its list of known exploitable vulnerabilities, requiring government personnel to update Chrome by September 18 to receive the fixes.
However, the agency issued an alert to the public, urging them to follow the same schedule to protect their devices.
Google Chrome users should update their browser immediately to prevent hackers from corrupting their login credentials and stealing personal information.
‘Chrome periodically checks for new updates, and when an update is available, Chrome automatically applies it when you close and reopen the browser,’ Google shared.
But for users who haven’t opened the browser for some time, the tech giant is urging them to do so.
Once opened, close Chrome and reopen it to make sure you have the latest version.
Users can check which update they have by selecting More at the top right, clicking Help, and then clicking About Google Chrome.
If you don’t see the Update Google Chrome button, you have the latest version.
Google has also issued a warning to users after two vulnerabilities were exploited last month that allowed hackers to corrupt Chrome using a fraudulent HTML page.
And at least one of the attacks has been attributed to North Korean cryptocurrency hackers named Citrine Sleet.
Google has since assured users that its “revamped Safety Check feature will now run automatically in the background of Chrome, taking more proactive steps to keep you safe.”
The feature also informs users if any steps are taken to protect them from potential hackers, including removing permissions granted to sites that are not frequently visited or used and “flagging potentially unwanted notifications.”
While the attacks focused on Chrome, the threat also affects Edge users, who must download the update to their browsers and restart it to ensure it is installed.
Hackers using HTML malware to infiltrate a user’s system is “a new technique used by crooks to force victims to enter their credentials into a browser, allowing them to be stolen from the browser’s credential store using traditional stealing malware,” according to OALABS Research who was the first to reveal the problem.
Chrome’s Safety Check tool will run in the background to prevent hackers from accessing information and will notify users of any manual security updates.
The malware worked by overriding the computer’s system and placing a Google login page in full-screen view that froze the computer until the user entered their credentials.
Once entered, they are stored on a disk in the browser’s credential store which can serve as a window for hackers to use malware to steal login passwords and other personal information.
It will also remind users if there is a security issue they need to address manually and will periodically check for security bug fixes and software updates.
If Chrome has not updated to the latest version by the September 18 deadline, CISA has recommended that users stop using the browser.