Chrome was hiding another major zero-day flaw

Users of Google Chrome have been warned to watch their security protection following the uncovering of a new zero-day in the popular browser.

Security researchers from Kaspersky have detected a new vulnerability that can hijack a user's browser to inject malware that could lead to their entire system being put at risk.

The attack targets users of the Korean-language version of Chrome, both in South Korea and overseas, potentially leaving millions of customers at risk.

Exploit

The attack used a waterhole-style exploit to inject malicious JavaScript code into the Chrome main page. This then uses a profiling script to analyse the victim's system and user credentials to see if version 65 or later of Chrome is installed.

The researchers say that the attack, which it named Operation WizardOpium, bears a number of similarities to the hugely damaging Lazarus attacks which swept the globe last year.

"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Kaspersky says it has informed Google of its findings, and a patch has been released. The company is urging users to install the patch as soon as possible and ensure their security software remains updated to the latest version.

How It works

Search Crack for

Latest IT News

Jan 27
A sign of things to come? Windows XP got patches long after its end-of-life, after all.
Jan 26
Protect up to five devices at a very steep discount.
Jan 25
Could this realistically happen? No, is the short answer to that.
Jan 24
Another cumulative update seems to have gone awry, with Windows 10’s reputation likely to take further damage.
Jan 23
Mac users can benefit from Wine, too – except that Catalina threw a spanner in the works.
Jan 23
The software Microsoft’s upcoming foldable smartphone, the Surface Duo, will run on has been glimpsed.
Jan 22
In classic Microsoft style, Windows 7’s last update contains an annoying bug.

Latest cracks