Google urges millions of Chrome users to update browsers NOW after uncovering flaw that lets hackers take over computers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

By Nikki Main Science Reporter For Dailymail.Com

17:32 29 Mar 2024, updated 18:16 29 Mar 2024

  • Google issued a ‘critical’ Chrome browser update in response to software flaw
  • Hackers were using the flaw to gain remote access over user’s computers
  • The hackers used an HTML page to entice users to click on it, opening malware
  • READ MORE: Hackers publish NHS patients’ data after cyber attack 

Google has urged millions of Chrome users to update their browsers after uncovering a malicious attack that lets hackers take control of computers.

The tech giant warned cybercriminals are using malicious pop-up windows or websites to gain access to an unsuspecting victim’s personal information.

A ‘critical’ update has been rolled out, which closes the loophole that makes your servers vulnerable to what’s called a ‘zero day’ attack.

The name stems from the fact a perpetrator found a weakness before the manufacturer, leaving zero days to fix the issue because the server has already been compromised. 

The update can be accessed in Google’s Chrome browser under the ‘Settings’ section.

Google has issued a ‘critical’ Chrome update to protect users from cyberattacks
Google confirmed that Russia, North Korea, Belarus, and the People’s Republic of China had instigated many of the hacks

Google reported that the flaw in all earlier versions of Chrome ‘allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,’ but did not specify what the flaw was.

When a fake HTML page appears on the screen, it could look like a normal website but instead, when the user clicks on it, a hacker could use remote access to gain control over the person’s computer.

The HTML page can also appear as a pop-up that urges the user to download the most recent anti-virus software or the latest version of the browser but instead installs software that allows actors to steal the user’s personal details. 

Google advises users to continuously update their browsers to the latest version to ensure that all security measures are up to date.

These updates mean you don’t have to pay for antivirus software because the new Chrome version patches all pre-existing vulnerabilities.

To update Chrome, users should open the browser and click the three dots on the top right-hand side of the screen, then click on ‘Settings.’

Hackers are gaining remote access to Chrome user’s personal information using an HTML page

There will be the option to click ‘About Chrome’ on the left where it will check for updates and download them.

Google has recommended that users keep auto-updates turned on so that critical security fixes and new features are added automatically when available..

The update comes after an analysis by Mandiant and Google’s Threat Analysis Group found that there were 87 zero-day attacks in 2023, up 50 percent from the year before.

READ MORE: I’m a professional hacker – here are the signs someone like me is inside your phone

 If you see a green dot on the Android screen, it could be a warning sign you’ve been hacked or someone has installed a dodgy app on your phone

Google reported that hackers have expanded their reach to third-party sites and libraries for maximum impact and because these sites offer more than one product, it makes it a prime target for hackers to exploit Chrome’s security flaws.

‘We saw this theme repeated across threat actors of all motivations, seeking vulnerabilities in products or components that provided broad access to multiple targets of choice,’ a Google spokesperson told Techradar.

Last year, security experts warned users not to download a new version of Chrome on a browser because it could contain malicious software. 

In 2023, roughly 41 percent of attacks were conducted by espionage efforts, while another 41 percent were conducted by commercial surveillance vendors and 17 percent were financially motivated, according to the analysis.

Google reported that about half of all attacks came from malicious actors in Russia, North Korea, Belarus and China, attributing 12 of the zero-day vulnerabilities to People’s Republic of China (PRC) government-backed actors

‘The actor showed specific interest in information of political or strategic interest to the PRC government, targeting global governments and organizations in high priority industries,’ the analysis said. 


Click Here For The Original Story From This Source.


National Cyber Security