A new security flaw has just been discovered in Google Chrome. The vulnerability was first discovered by two Kaspersky researchers, Boris Larin and Igor Kuznetsov. It allows bypassing all protections in Google's Privacy Sandbox, the set of technologies that aim to protect user privacy, on Chrome for Windows. The vulnerability stems from a flaw in "the interaction between the Chrome browser sandbox" and Microsoft's operating system.
Espionage operations
According to Google, the flaw has been actively exploited in cyberattacks. The company is not saying more at this time. Google indicates that details of the bugs "may be limited until the majority of users have installed the fix". This is a common precaution to prevent cybercriminals from using public information to orchestrate attacks. However, the two researchers behind the discovery assure that the flaw was used to spread viruses through Chrome.
The vulnerability is actively exploited in phishing attacks. The attack simply consists of redirecting Internet users to a malicious page, which results in the installation of the malware. It is mainly Russian organizations that are in the crosshairs of the cyberattack, referred to as Operation ForumTroll. It all starts with a phishing email designed to arouse the targets' curiosity.
To trap the targets, the hackers hide the malware in an email dedicated to a prestigious event, namely "the international forum “Primakov Readings”, which will be held from June 23 to 25 at the Moscow International Trade Center." To receive an invitation to the event and fill out a registration form, the user must click on a link. It is this link that slips a virus, tailored to siphon all data from the computer, onto the system.
Google corrects the situation
True to its habits, the Mountain View giant was quick to correct the situation by deploying an update. As Google explains in a security alert, "The Extended Stable version has been updated to 134.0.6998.178 on Windows and will be deployed gradually in the coming days or weeks". The vulnerability only applies to the Windows version of Chrome.
For security reasons, we recommend that you install it without delay. Go to the About Google Chrome section and press Relaunch to finalize the installation of the latest update. It is necessary to restart Chrome regularly to get the latest updates and security patches.
Source: Kaspersky