Chrome was hiding another major zero-day flaw

Users of Google Chrome have been warned to watch their security protection following the uncovering of a new zero-day in the popular browser.

Security researchers from Kaspersky have detected a new vulnerability that can hijack a user's browser to inject malware that could lead to their entire system being put at risk.

The attack targets users of the Korean-language version of Chrome, both in South Korea and overseas, potentially leaving millions of customers at risk.

Exploit

The attack used a waterhole-style exploit to inject malicious JavaScript code into the Chrome main page. This then uses a profiling script to analyse the victim's system and user credentials to see if version 65 or later of Chrome is installed.

The researchers say that the attack, which it named Operation WizardOpium, bears a number of similarities to the hugely damaging Lazarus attacks which swept the globe last year.

"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Kaspersky says it has informed Google of its findings, and a patch has been released. The company is urging users to install the patch as soon as possible and ensure their security software remains updated to the latest version.

How It works

Search Crack for

Latest IT News

Nov 18
Sage focusing overall strategy on accounting subscription services.
Nov 18
Sage is focusing its overall strategy on accounting subscription services, so it’s no real surprise to see Sage Pay sold off.
Nov 18
Our run-down of exactly what happened in the NordVPN breach.
Nov 18
Those using a Microsoft browser under Windows 10 may want to promptly apply the workaround to get this patch to install.
Nov 17
Some folks have been turning off Windows 10’s search indexer due to thorny performance issues.
Nov 16
Thousands of Chrome business users report issues following new RAM-saving feature.
Nov 15
Google rolled out a new RAM-saving feature and broke Chrome for thousands of business users.

Latest cracks