Google Urges Windows Users To Update Chrome Amid New Security Threats

Uploaded on 2024-10-29 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

promotion

Google has issued an urgent alert, advising nearly 2 billion Windows users to update their Chrome browser to prevent potential security threats as cyberattacks continue to rise.

In 2023 alone, there were 2,365 cyberattacks affecting 343,338,964 victims. This warning is a reminder that all devices, including Chromebooks, need strong protection from online threats.
 
While ChromeOS is known for its secure design, it isn’t immune to malware and other digital threats, driving the need for a robust antivirus for Chromebooks. With malicious apps targeting thousands of devices, even on the Google Play Store, it's crucial to protect your Chromebook. 

According to technology writer Ilijia Miljkovac, tested and recommended antivirus options specifically for ChromeOS provide the right level of security for your Chromebook. The best antiviruses for Chromebooks can protect your computer from viruses and hackers by providing real-time protection. Without it, users are left vulnerable to cyber risks like identity theft, financial loss, and privacy invasion.

From Google’s side, their new update fixes three serious security problems that hackers could use to attack your devices. The update is available as version 130.0.6723.69/.70 and will install automatically, but you need to restart your browser for it to take effect.

Understanding The V8 Engine & Its Issues

One of the problems that was fixed affected Chrome extensions, while the other two were related to memory issues in the V8 JavaScript engine that runs Chrome. Kaspersky, a global security firm based in Russia, explained that every web browser relies on its JavaScript engine, and Chrome uses one called V8, which is Google’s open-source engine. 

To use less memory and run faster, V8 has a complicated engine, one interpreter, and three Just-In-Time (JIT) compilers to process JavaScript efficiently. However, these JIT compilers often introduce new security gaps, especially when major code changes are made or new compilers are added. These weak spots can have a big impact because of how widely Chrome is used.

There are several reasons for these V8 issues:

  • Complexity, as V8 is a complex program, and its detailed design can sometimes lead to security issues.
  • Frequent updates and new features can unintentionally create security risks.
  • As Chrome is so popular, V8 is a major target for hackers who are always looking for new weaknesses.

Even though V8 vulnerabilities are a concern, Google is working hard to fix them through regular security updates. 

Recent Cyber Attacks & Their Impact

Recently, these problems were used to attack unsuspecting users. Kaspersky shared a detailed look at a Chrome security problem from earlier this year, called Common Vulnerabilities and Exposures CVE-2024-4947 involving a "type confusion" issue in V8. Google quickly warned users that hackers were actively using it. CVE-2024-4947 was a flaw in a new, improved compiler within V8.

The attack was detected on the computer of a home user who visited detankzone[.]com. The website looked like a genuine product page for a decentralized finance (DeFi) NFT-based multiplayer tank game, encouraging users to download a trial version. 

However, this was just a cover. The harmful script was hidden on the site, and simply visiting it was enough to get infected—the game was just a mask. When attackers exploit CVE-2024-4947, hackers take complete control of their devices. When this happens, they can steal your personal information, such as passwords, bank details, and photos. They can also use your device to send spam emails, launch attacks on other computers, or even hold your data hostage for ransom.

The U.S. cybersecurity agency added this flaw to its ‘Known Exploited Vulnerabilities list’ as CVE-2024-4947 and told all federal employees to update their computers. So far, there haven’t been reports of new attacks, but similar issues often lead to more threats popping up.

Kaspersky links the attacks to the Lazarus APT group, described as a very skilled and versatile hacking team that speaks Korean. They used a backdoor attack with a tool called Manuscrypt, which the Lazarus group has been using since at least 2013. 

Kaspersky found that this malware has been used in over 50 attacks on many types of organizations, like governments, banks, military contractors, cryptocurrency platforms, IT companies, gaming businesses, media outlets, casinos, universities, and security researchers.

Microsoft also released a warning saying that a North Korean hacker took advantage of Chrome’s zero-day vulnerability. Microsoft Edge handles things differently, making it less vulnerable. This is why Microsoft says Edge is safer than Chrome, especially with warnings like this.

Kaspersky’s report explains the attack in detail, warning users how easily they can be targeted by following clues left by these attacks while browsing the web.

The Importance Of Being Cautious Online

For Chrome’s 2 billion users, the key message is to be careful with links in social media posts and phishing emails. Attackers often lead people to dangerous websites using these links. Once you’re on these sites, hackers can start stealing your data—beginning with cookies and login details and sometimes even getting into your whole device. 

The  NFT-based multiplayer tank game incident shows why it’s important to avoid suspicious links. Just one click can put your information and device at risk. Kaspersky's report also points out the irony that the company's software was recently taken off Google’s Play Store because of U.S. sanctions on Russia. Still, Chrome users are urged to keep their browsers updated to reduce the risks of V8 memory problems.

Fake crypto and NFT sites have become notorious for exposing unsuspecting users to hackers. This comes amid the flood of crypto platforms and new tokens popping up all the time, making it difficult for ordinary people to keep up with which platforms are legitimate. Another industry where customers are often targeted is through retail and eCommerce sites. 

Why You Should Keep Chrome Updated

Keeping Google Chrome updated is important for a few key reasons. Old software can have weak spots that hackers use to launch attacks like viruses, ransomware, and phishing scams. Cyberattacks are constantly evolving and becoming more sophisticated every day, so it's crucial to have the latest security features to protect yourself.

Here are the reasons to keep your Chrome up to date:

  • Better security helps to protect your computer from hackers and viruses.
  • Adds new tools and improvements.
  • Makes Chrome run faster and uses less space.
  • Works better with the latest websites and technologies.
  • Fixes problems that can cause crashes or other issues.

When you keep your software updated it makes you safer online, improves your experience, and protects your important data.

It’s a simple step with a big impact on your digital life. You can enjoy the latest technology and web standards because Updated software has fewer problems.

Conclusion

The recent security threat reminds us that it is essential for all users to keep Google Chrome up to date. With nearly 2 billion users at risk, it’s crucial to act fast and install the latest updates to protect against vulnerabilities. Updates can keep your data safe and help you enjoy a smoother online experience by regularly updating your browser.

So, make sure to update to version 130.0.6723.69 or .70 and restart your browser to ensure you’re protected.

Image: Pixabay

You Might Also Read:

AI & Biometrics In Cybersecurity:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Increase Security For Your Enterprise Cloud With A Next-Generation Firewall
X Is A Vehicle For Political Propaganda »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

AET Europe

AET Europe

AET Europe is specialised in creating technological solutions for user identification and authentication.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

Pacific Cyber Security Operational Network (PaCSON)

Pacific Cyber Security Operational Network (PaCSON)

PaCSON is an operational cyber security network of regional working-level cyber security experts in the Pacific.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.