If you’re wondering whether Chrome is perfectly secure, then you might need to reconsider thinking that. Recently, Chrome decided to bring an update with the version of 78.0.3904.87 (For Windows, Linux as well as Mac OS) which is vulnerable to two patches of security. This means that using, this version of the browser, might be a bad idea right now. Find out more below!
What Is Zero-Day Active Attack?
what is zero day vulnerability? This specific attack has link to vulnerable security patches. One is audio component that is prone to exploit and the other is the PDFium library.
In the past few months, Google has made a statement, that the use-and-free vulnerability has a link to the corruption that again, has a link with the memory of the system. This significant issue could deliberately give rise to altering data present in the memory itself.
Any unauthorized user may misutilize or make additional modifications to the data. Hence, hackers or intruders make easy targets on those users who are easily convincible. This means that through this flaw, intruders can coerce users into visiting websites that are full of malicious files.
Upon doing so, users lose the sandbox protection. After that, the malicious files from the website run malicious codes that are arbitrary on the system.
How Does Zero-Day Active Attack Works?
As the name itself suggests, the zero-day active attack is an attack by intruders or hackers that deals with exploiting the vulnerable aspects of software. The hacker detects the flaws in the software and as per the application, the exploited codes are written against the vulnerability.
Based on the reports of researchers, the intruders plant the exploit code on a website that so that anybody visiting the website having the Chrome version that is vulnerable, maybe under effect.
Usually, these websites are built such that it raises a person’s interest. With that interest or raising curiosity, the users end up clicking on websites that are not genuine.
The attacker is known to first install malware of the first stage on systems that are in target. This happens right after the exploitation of the vulnerability of Chrome, (CVE-2019-13720).
After that, intruders establish a connection to a server that runs on command and control. This connection happens just so that attackers can install the final payload.
What does Google say About Zero-Day Active Attack?
The issue was detected by Alexey Kulaev as well as Anton Ivanov who happen to be researchers of Kaspersky. Google mentioned in a blog that they are well aware of the exploits that are out in the wild and working on patches in the upcoming new release of update.
They also added in a blog that the links, as well as details of the bug, will not be available to users. However, if the majority of users install the new update for the issue then it may be revealed.
Google has been deliberately warning many users to get new chrome update as soon as possible. The new update consists of two patches for the vulnerabilities. The breach of security is serious. And because of that, Infrastructure Security Agency (CISA), as well as Cybersecurity, has made warnings to users so that they immediately get the new update.
Update Chrome Browser Immediately!
Since the issue has been out in light recently, Google has been cooking updates google chrome browser that is going to fix the bug. It is expected that it would be out in few weeks so that users can save their system and information.
You may need to get the new chrome update as soon as it releases. And here’s how you can do that;
When you open the Chrome browser, you may notice an arrow that is pointing at an update, at the top corner of the browser. When the update arrives, press on the button.
You can also try updating in a different way. Simply, go to the “Settings” of the browser and then choose the “About Chrome” option. After that, when you’ve successfully updated the browser, these vulnerabilities will be fixed. And, you will no longer be a target of an attack.