Posted on September 2, 2019 at 6:54 PM
Netizens all over the world, specifically those that use Google Chrome, find themselves in fear once again as another significant security flaw associated with the privacy and security-challenged web browser has been identified in recent hours. Every version is said to be affected by the situation, and the company is recommending users to install a patch as soon as possible.
The alleged security exploit in the Chrome browser lets cybercriminals and malicious agent take control of a vulnerable host. Reports indicate that the flaw was unveiled by the Center for Internet Security.
A Widely Used Browser, And A Huge Risk
The alleged security flaw is especially dangerous if we consider the fact that Google Chrome is the most widely used web browser on the planet, with more than two billion people having it installed on their devices. The loophole is, allegedly, part of Blink, which drives the browser engine.
Google, shortly after learning about the major security flaw, began working on an update to offer its wide user base, and the improved version is already available after a few days of work by specialists and researches of the major online company. If you want your Chrome version to update, it needs to be closed and relaunched.
The entity wrote that governments might be the primary targets of any potential offenses while using the vulnerability.
The security flaw, in order to be enabled, needs users to enter a malicious web page. At that moment, the person or entity perpetrating the attack may try to run arbitrary code with the intention of taking over the user’s device.
Install the Patch As Soon As Possible
There was a statement published, alerting users about the unfortunate situation and advising them to install the patch as quickly as possible. The message informed that to successfully exploit the flaw, the attacker needed to run arbitrary code in the browser, and that depending on the privileges associated with the application, the perpetrator could inflict several degrees of damage.
According to the statement, the attacker could modify crucial data, install applications and programs in the device, or even create accounts in several platforms with full user rights, among other things.
The advisory also states that if the application was configured to have fewer user rights on the system, the impact of the vulnerability would be less than in the event in which the app or program was configured with administrative rights.
As previously stated, all Google Chrome’s versions are equally affected by the security vulnerability, including those for desktop-related operating systems such as Windows, Linux, and macOS. However, the mobile versions of Chrome are safe, which means those using Android and iOS are unaffected by the flaw.
The advisory informs that those versions before 76.0.3809.132 are currently at risk and need to install the patch if they don’t want their device being taken over by a cybercriminal, or their accounts and data breached.
Governments and Related Institutions May Be Threatened
The advisory warns that the risk of this vulnerability being used to torment government institutions and entities around the world is high, and it names large and medium organizations as well as the medium and large-sized business as being prone to the flaw. Small governmental agencies are at “low” risk, as are household users.
The security loophole was discovered as Google implemented its bug bounty program, in which the Internet giant offers prizes and rewards to researchers and developers around the world that spot flaws. This one, in particular, was unveiled by Luyao Liu and Zhe Jin from the Chinese security company Qihoo 360, and they earned$5,500 for their contributions.
At the moment of writing this piece of news, there weren’t reports of any hacking group using the security flaw to target any particular government agency or individual, although that situation is prone to change at any minute.