Google has been alerted to a new ‘high’ level flaw in its Chrome browser — with the tech giant now urging users to install the fix.
The new vulnerability is part of a pattern with Chrome’s JavaScript engine V8, which has become ‘especially attractive for real-world attackers,’ as one Google cybersecurity expert warned.
In layman’s terms, the newly uncovered flaw in Chrome allows hackers to take control of your browser via malicious code hidden within a specially crafted HTML webpage.
The alert comes amid a summer of catastrophic global hacks, including July’s Independence Day ‘RockYou2024’ leak, which exposed an astonishing 10 billion passwords to cyber criminals, and a massive breach of US social security numbers.
The new exploit, if successful, could be used to steal passwords from Chrome’s Google Password Manager, credit card ‘autofill’ information and more — all before a Chrome user has even suspected that their system has been compromised.
‘V8 bugs typically allow for the construction of unusually powerful exploits,’ according to Samuel Groß, a member of Google’s Project Zero security research team, in an interview with ZDNET.
Groß proposed a detailed V8 sandbox to resolve this whole class of bugs and help protect Chrome’s V8 engine, which executes JavaScript: a programming language that is popular on the web but notably vulnerable to hackers.
This V8 sandbox became operational last April. But, unfortunately for many, it will only work on PCs and laptops that have at least a 64-bit processor.
‘The V8 Sandbox requires a 64-bit system as it needs to reserve a large amount of virtual address space,’ Groß told The Hacker News, ‘currently one terabyte.’
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) first reported the new V8 flaw on August 19, 2024.
According to Google, the issue was fixed two days later, and the fix is now available in the latest updates of Chrome.
Precisely how hackers can leverage this problem with V8 is still a closely guarded secret at the tech giant, in part to protect users who have not yet updated their browsers.
The cash reward owed to MSTIC and MSRC for discovering the vulnerability has not yet been determined, according to Google’s Chrome release update on Wednesday.
To update Chrome on your own computer, first open the browser and click on the vertically aligned three dots in the browser’s top-right corner.
From there, go to the ‘Help’ menu and click on ‘About Chrome.’ The new page will show you the latest updates and may install them automatically, unless the device is a workplace computer that needs administrator privileges, in which case IT assistance is required.
Once Chrome is updated, simply click ‘Relaunch’ to complete the process.