Urgent Chrome Update: US Cyber Agency Sets April 17 Deadline for Users
Google is issued an emergency update to its Chrome browser for Microsoft Windows after critical zero-day exploit was found being exploited in the wild and prompted urgent warnings from security experts and agencies.
Urgent Chrome Update: US Cyber Agency Sets April 17 Deadline for Users
The vulnerability, which was discovered through cybersecurity company Kaspersky in the last month, is a highly complex malware threat that could be transmitted to users by simply clicking a malicious email link. Kaspersky warned of a "wave of infections by previously unknown and highly sophisticated malware," insisting the fact that "no further action was required to become infected" beyond clicking on the initial link.
Google claims to be cognizant of information that suggests suggest the exploit is out there
According to an Chromium update, Google Chrome update has updated the stable channel to 134.0.6998.177/.178 for Windows that will be released over the next few days/weeks. The update comes with a security update, the company added.
Google has, however, been retaining the bug's details and links inaccessible until the majority of users have been updated with the fix.
CISA to users of Chrome on Windows to update or delete application
The US Cybersecurity and Infrastructure Security Agency CISA warning issued, asking users to update their browsers immediately, and if an update is not possible before April 17 "discontinue use of the product," as per Forbes. Although this directive is only applicable for federal workers, the CISA's guidelines are highly suggested for all businesses whether private or public regardless of size.
"Google Chromium Mojo running on Windows includes a sandbox-escaping vulnerability that results from a logic issue caused by an insufficient handle being supplied under unspecified circumstances. This vulnerability can affect a variety of browsers using Chromium, which includes but not limited to, Google Chrome, Microsoft Edge and Opera," CISA said
"Vulnerability has been reported in Google Chrome which could allow a remote attacker to bypass Google Chrome sandbox protection on the targeted system," Cert-In stated.
However, Kaspersky said that "this exploit is certainly one of the most interesting we've encountered," pointing out that attackers were able to get around Chrome's sandbox security "as if it didn't even exist."
