Urgent warning for Google users to update Chrome within 72 hours after security vulnerabilities found
US cyber authorities have given Google users a 72-hour deadline to update Chrome and fix active vulnerabilities.
These exploits allow hackers to gain remote access to a system by exploiting memory errors, allowing them to collect personal data without the user’s knowledge.
The Cybersecurity and Infrastructure Security Agency (CISA) has added both threats to its list of known exploitable vulnerabilities, requiring government workers to update Chrome by September 18 to receive the fixes.
However, the agency warned the public and urged them to adhere to the same timeline to protect their devices.
Google Chrome users should update their browser immediately to prevent hackers from compromising their login credentials and stealing personal information.
“Chrome regularly checks for new updates and when an update is available, Chrome automatically applies it when you close and reopen the browser,” Google said.
But users who haven’t opened the browser in a while are being urged by the tech giant to do so.
After you open Chrome, close the program and reopen it to ensure you are using the latest version.
Users can check which update they have by clicking More at the top right, clicking Help, and then clicking About Google Chrome.
If you don’t see the Update Google Chrome button, you have the latest version.
Google also warned users after two vulnerabilities were exploited last month, allowing hackers to corrupt Chrome with a fraudulent HTML page.
At least one of the attacks has been attributed to North Korean crypto hackers named Citrine Sleet.
Google has since assured users that the “revamped Safety Check feature now runs automatically in the background in Chrome, taking more proactive measures to keep you safe.”
The feature also informs users if measures are being taken to protect them from potential hackers, such as revoking permissions for sites that are not frequently visited or used and ‘flagging potentially unwanted notifications’.
While the attacks have primarily targeted Chrome, the threat also affects Edge users. Edge users should also download the update to their browser and restart it to ensure it is installed.
Hackers using HTML malware to infiltrate user’s system is “a new technique used by stealers to force victims to enter login credentials into a browser, allowing them to be stolen from the browser’s credential store using traditional stealer malware,” according to OALABS research who first made the problem public.
Chrome’s Safety Check tool runs in the background to prevent hackers from accessing information and to notify users of any manual security updates
The malware worked by overwriting the computer’s system and placing a full-screen Google login page, locking the computer until the user entered their credentials.
Once you enter them, they are stored on disk in the browser’s credentials storage. From there, hackers can use malware to steal login passwords and other personal information.
Users are also reminded that there is a security issue that they need to fix manually. Regular scanning for security bug fixes and software updates is also performed.
If Chrome has not been updated to the latest version by the September 18 deadline, CISA advises users to stop using the browser.