Warning for Google Chrome users as company confirms ‘multiple high-level hacks of browser’ for second time this week | #linux | #linuxsecurity


GOOGLE Chrome users were warned of “multiple high-level hacks of [the] browser” for the second time this week, reports say.

The tech giant advised its 2.6billion users to be aware in a new blog post, revealing four “high” rated vulnerabilities – days after discovering Chrome’s 12th and 13th “zero day” exploits, reported Forbes.

3

Google warned users to delete Chrome for the second time this weekCredit: Getty

3

Google confirmed ‘multiple high-level hacks of browser’Credit: EPA

Google’s threat analysis group (TAG) said hackers “created malformed code signatures” that would be considered as “valid by Windows” but could not be detected by OpenSSL code used in security scanners.

TAG discovered that the OpenSUpdater line of software utilizes this new technique.

Described as riskware, OpenSUpdater shows ads on victims’ browsers and then installs unwanted programs into their PCs.

Most of the targeted victims of OpenSUpdater attacks are US-based users prone to downloading cracked games.

The latest warning comes after Google advised its users about a security flaw in the browser that hackers could exploit on Monday.

While Google has maintained that it is working hard to protect users’ security, cyber experts say it’s time to leave Chrome behind.

This year, the company disclosed the latest in a string of security flaws in a September 24 blog post.

The post confirmed that Chrome’s 11th “zero-day” exploit of the year was found and impacted Linux, macOS, and Windows users.

This classification means hackers could use the flaw to their advantage before the tech giant could fix it – upping the threat significantly, Forbes reported.

Google reportedly kept the hack details under wraps to protect users after in-house employees discovered the flaw.

According to Forbes, it was revealed just weeks after Google admitted it “accidentally” allowed the secret tracking of millions of users.

3

Google confirmed four “high” rated vulnerabilities to the browserCredit: SOPA Images/LightRocket via Gett

At the heart of Google’s latest tracking trouble is the roll-out of a new Chrome API that detects and reports when a user is “idle” or not actively using their device.

Google has defended the feature from criticism by security experts who say it can be easily abused by malicious sites seeking sensitive information.

“This feature, which we only expect to be used by a small fraction of sites, requires the site to ask for the user’s permission to access this data,” Google told Forbes.

“It was built with privacy in mind and helps messaging applications deliver notifications to only the device the user is currently using.”

We pay for your stories!

Do you have a story for The US Sun team?



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

thirty eight − = twenty eight