Google is sounding the alarm again. The Mountain View giant has just uncovered a new vulnerability in Chrome's code. The breach affects the web browser's V8 JavaScript engine. It allows a remote attacker to execute malicious code on the victim's computer.
An ultra-dangerous flaw... exploited in attacks
To exploit the flaw, the attacker must use a booby-trapped HTML page. It contains specially crafted JavaScript codeto trigger the flaw. The code uses normal JavaScript functions to cause a read or write outside of authorized memory. This is when the attacker is able to inject code into the computer by taking control of Chrome.
Researchers from Google's Threat Analysis Group issued the alert on May 27. The danger of the flaw is estimated at 8.8/10. According to Google researchers, there is an exploit, that is, a way to exploit the vulnerability, circulating on the web. The flaw has therefore been exploited by hackers as part of cyberattacks. It is imagined that the breach could be used in phishing attacks, based on booby-trapped emails or messages.
Emergency update at Google
Alerted by its experts, the American giant has decided to deploy an emergency update, outside of its usual deployment schedule. The company included the fix in update 137.0.7151.68/.69 for Windows and macOS. The version for Linux computers is stamped 137.0.7151.68 and will be deployed "over the next few days/weeks". The update fixes both the flaw mentioned above, as well as two other less critical issues.
We obviously recommend installing the fix as soon as it's available. Go to About Google Chrome, then click Relaunch to complete the installation. Also, remember to restart Chrome regularly to receive the latest updates and security patches. We recommend enabling automatic Chrome updates. Other browsers based on the Chromium engine, such as Edge and Brave, will also have to update to protect users. Unsurprisingly, Google will keep details of the flaw confidential until most users have installed the update. This precaution is intended to prevent hackers from using public information to exploit the breach.
This is already the second time this year that Google has had to act urgently to plug a Chrome flaw exploited by cybercriminals. In March, the publisher released a patch to hamper a massive cyberespionage operation underway on Chrome.
Source: Google
0 Comments