Posted on November 8, 2019 at 5:54 PM
A new hacking threat was recently discovered, endangering Google Chrome users. According to researchers from Kaspersky Labs, the threat — the zero-day vulnerability — might be invading the systems of users and taking over control of their devices.
Zero-day vulnerability threatens Chrome users
The report has named the vulnerability ‘Operation WizardOpium,’ and it warns users that hackers might be able to download the malware to hijack various devices. Researchers believe that the malware could be downloaded directly.
The bug was allegedly first used to attack a Korea-based news site. The website’s regular visitors accidentally (and unknowingly) opened a door for another, third-party website that then loaded a script that inspected the device. If the device were found to be vulnerable, the site would have infected it with malware.
Researchers also pointed out that the threat was designed to only target devices that are running specific versions of Google Chrome, including v65 and any other version that came after it. Fortunately, all older versions of the browser are considered risk-free. If the third-party site detects an old version, the operation ends immediately, and the user gets to walk away uninfected.
Meanwhile, if the user’s version of Chrome is 65 or younger — such as Chrome 76 or 77 — Operation WizardOpium would proceed with the infection. The site starts by running a specific code that is tasked with downloading malware on the device and immediately launching it.
Kaspersky has notified Google of the vulnerability immediately after its discovery. Google itself responded quite rapidly as well, quickly issuing a fix to the issue in the form of a new version known as 78.0.3904.87.
Check if the fix was applied
However, users are still not out of danger, as the new version might not get downloaded and applied automatically. In other words, users should check their current Chrome version, and it if is one of the vulnerable ones, they will have to manually go to Google Chrome download page and obtain the fix, which must then be installed and implemented. Google has also made the fix available for Windows, Linux, and Mac, meaning that all three systems should be covered at this time.
Kaspersky has advised users to obtain the fix as soon as possible, or their devices might get infected, regardless of their caution during web browsing. It still remains unknown how many users have already been infected by the threat, or whether the hackers are targeting only a specific region or every Chrome user.
It also remains unknown why does the threat only target specific versions of Chrome. Researchers assume that the reason might be that the hackers’ toolkit might contain some other exploits for the browser’s other versions. However, they admit that they cannot be sure that this is the case, for now. All that they can say with certainty is that the listed versions are going to get infected if the browser access the infected website, such as the one of the mentioned Korean news outlet.
Kaspersky also pointed out that everyone should update their Chrome browser, regardless of whether or not they read Korean news sites. They predict that new exploits that are using this vulnerability might emerge at any time, particularly now, when the flaw has become public knowledge.
Keep your software up to date
As mentioned, the updates should arrive automatically, and simply restarting the browser should be enough to install the new version, according to the report. However, it is better for users to make sure that their browser has indeed applied the fix, and not base their devices’ safety on the pure assumption that it did.
The report serves as yet another proof of hackers’ innovative methods and the fact that it is extremely difficult to remain secure on the internet these days. Anyone not wishing to become a victim of a hack should also try and remember to always keep their software up to date on all devices, and the same goes for apps and programs that might be installed on the device.