Never miss a great news story!
Get instant notifications from Economic Times
AllowNot now

You can switch off notifications anytime using browser settings.
The Economic Times

Beware! Google Chrome's zero-day vulnerability may put your system credentials at risk

The injected script then checks if iteration of Google Chrome installed in the system is of version 65 or later.
Cybersecurity firm Kaspersky has detected a zero-day vulnerability in Google’s popular Chrome browser that could have put millions of users at risk. Zero-day vulnerabilities are hitherto unknown bugs in a software product that can be exploited by malicious actors to inflict damage. This latest vulnerability, code-named CVE-2019-13720, was brought to the notice of Google, which subsequently released a software patch.

The breach in question was created by inserting malicious JavaScript code in the main page, which in turn links to a remote site and loads a profiling script. It then checks the possibility of the victim’s system being infecting by comparing the version of the browser that holds the user’s credentials.

The injected script then checks if iteration of Google Chrome installed in the system is of version 65 or later. This gives the attacker multiple code execution scenarios and a chance to the host system.

“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

He noted the detected exploit held similarities with the erstwhile Lazarus attacks, and that the profile of targeted users was similar to that of previous false flag attacks. To safeguard against the vulnerability, users are advised to install the software patch provided by Google and update all enterprise used at home and work.

For professional networks, corporate-grade security solutions are recommended. Security products that offer endpoint protection are recommended for personal use.

Offline Location Tracking For iPhones, Speedometer In Google Maps: Features That Will Chang...

of 4
Play Slideshow

Tech Talk

13 Jun, 2019
Hardware and software go hand in hand when it comes to the technology that we use. But software can move much faster, which is why we see a lot of companies focusing on delivering new features over the air via updates. Karan Bajaj talks about some of the new things with the maximum impact.

Stay on top of business news with The Economic Times App. Download it Now!