Google Urges Windows Users To Update Chrome Amid New Security Threats

promotion

Google has issued an urgent alert, advising nearly 2 billion Windows users to update their Chrome browser to prevent potential security threats as cyberattacks continue to rise.

In 2023 alone, there were 2,365 cyberattacks affecting 343,338,964 victims. This warning is a reminder that all devices, including Chromebooks, need strong protection from online threats.
 
While ChromeOS is known for its secure design, it isn’t immune to malware and other digital threats, driving the need for a robust antivirus for Chromebooks. With malicious apps targeting thousands of devices, even on the Google Play Store, it's crucial to protect your Chromebook. 

According to technology writer Ilijia Miljkovac, tested and recommended antivirus options specifically for ChromeOS provide the right level of security for your Chromebook. The best antiviruses for Chromebooks can protect your computer from viruses and hackers by providing real-time protection. Without it, users are left vulnerable to cyber risks like identity theft, financial loss, and privacy invasion.

From Google’s side, their new update fixes three serious security problems that hackers could use to attack your devices. The update is available as version 130.0.6723.69/.70 and will install automatically, but you need to restart your browser for it to take effect.

Understanding The V8 Engine & Its Issues

One of the problems that was fixed affected Chrome extensions, while the other two were related to memory issues in the V8 JavaScript engine that runs Chrome. Kaspersky, a global security firm based in Russia, explained that every web browser relies on its JavaScript engine, and Chrome uses one called V8, which is Google’s open-source engine. 

To use less memory and run faster, V8 has a complicated engine, one interpreter, and three Just-In-Time (JIT) compilers to process JavaScript efficiently. However, these JIT compilers often introduce new security gaps, especially when major code changes are made or new compilers are added. These weak spots can have a big impact because of how widely Chrome is used.

There are several reasons for these V8 issues:

  • Complexity, as V8 is a complex program, and its detailed design can sometimes lead to security issues.
  • Frequent updates and new features can unintentionally create security risks.
  • As Chrome is so popular, V8 is a major target for hackers who are always looking for new weaknesses.

Even though V8 vulnerabilities are a concern, Google is working hard to fix them through regular security updates. 

Recent Cyber Attacks & Their Impact

Recently, these problems were used to attack unsuspecting users. Kaspersky shared a detailed look at a Chrome security problem from earlier this year, called Common Vulnerabilities and Exposures CVE-2024-4947 involving a "type confusion" issue in V8. Google quickly warned users that hackers were actively using it. CVE-2024-4947 was a flaw in a new, improved compiler within V8.

The attack was detected on the computer of a home user who visited detankzone[.]com. The website looked like a genuine product page for a decentralized finance (DeFi) NFT-based multiplayer tank game, encouraging users to download a trial version. 

However, this was just a cover. The harmful script was hidden on the site, and simply visiting it was enough to get infected—the game was just a mask. When attackers exploit CVE-2024-4947, hackers take complete control of their devices. When this happens, they can steal your personal information, such as passwords, bank details, and photos. They can also use your device to send spam emails, launch attacks on other computers, or even hold your data hostage for ransom.

The U.S. cybersecurity agency added this flaw to its ‘Known Exploited Vulnerabilities list’ as CVE-2024-4947 and told all federal employees to update their computers. So far, there haven’t been reports of new attacks, but similar issues often lead to more threats popping up.

Kaspersky links the attacks to the Lazarus APT group, described as a very skilled and versatile hacking team that speaks Korean. They used a backdoor attack with a tool called Manuscrypt, which the Lazarus group has been using since at least 2013. 

Kaspersky found that this malware has been used in over 50 attacks on many types of organizations, like governments, banks, military contractors, cryptocurrency platforms, IT companies, gaming businesses, media outlets, casinos, universities, and security researchers.

Microsoft also released a warning saying that a North Korean hacker took advantage of Chrome’s zero-day vulnerability. Microsoft Edge handles things differently, making it less vulnerable. This is why Microsoft says Edge is safer than Chrome, especially with warnings like this.

Kaspersky’s report explains the attack in detail, warning users how easily they can be targeted by following clues left by these attacks while browsing the web.

The Importance Of Being Cautious Online

For Chrome’s 2 billion users, the key message is to be careful with links in social media posts and phishing emails. Attackers often lead people to dangerous websites using these links. Once you’re on these sites, hackers can start stealing your data—beginning with cookies and login details and sometimes even getting into your whole device. 

The  NFT-based multiplayer tank game incident shows why it’s important to avoid suspicious links. Just one click can put your information and device at risk. Kaspersky's report also points out the irony that the company's software was recently taken off Google’s Play Store because of U.S. sanctions on Russia. Still, Chrome users are urged to keep their browsers updated to reduce the risks of V8 memory problems.

Fake crypto and NFT sites have become notorious for exposing unsuspecting users to hackers. This comes amid the flood of crypto platforms and new tokens popping up all the time, making it difficult for ordinary people to keep up with which platforms are legitimate. Another industry where customers are often targeted is through retail and eCommerce sites. 

Why You Should Keep Chrome Updated

Keeping Google Chrome updated is important for a few key reasons. Old software can have weak spots that hackers use to launch attacks like viruses, ransomware, and phishing scams. Cyberattacks are constantly evolving and becoming more sophisticated every day, so it's crucial to have the latest security features to protect yourself.

Here are the reasons to keep your Chrome up to date:

  • Better security helps to protect your computer from hackers and viruses.
  • Adds new tools and improvements.
  • Makes Chrome run faster and uses less space.
  • Works better with the latest websites and technologies.
  • Fixes problems that can cause crashes or other issues.

When you keep your software updated it makes you safer online, improves your experience, and protects your important data.

It’s a simple step with a big impact on your digital life. You can enjoy the latest technology and web standards because Updated software has fewer problems.

Conclusion

The recent security threat reminds us that it is essential for all users to keep Google Chrome up to date. With nearly 2 billion users at risk, it’s crucial to act fast and install the latest updates to protect against vulnerabilities. Updates can keep your data safe and help you enjoy a smoother online experience by regularly updating your browser.

So, make sure to update to version 130.0.6723.69 or .70 and restart your browser to ensure you’re protected.

Image: Pixabay

You Might Also Read:

AI & Biometrics In Cybersecurity:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Increase Security For Your Enterprise Cloud With A Next-Generation Firewall
X Is A Vehicle For Political Propaganda »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.