If you are currently using Google Chrome, you should make sure that your browser is patched. If not, you may be subject to a serious zero-day vulnerability.
Kaspersky’s security researchers have discovered a zero-day vulnerability that leaves Chrome users open to a malicious attack that could allow hackers to take full control of the machine and download malware to the computer.
Worst of all, exploitation was taking place in the forest even before anyone came to know about it and it could have threatened millions of people.
Called Operation Wizardopium, the exploit is surprisingly sophisticated. According to Kaspersky, the defect was first injected into a Korean news website. When people visited the site, a script was loaded from the third party site to see if the machine was worth attacking.
According to Kaspersky, the attackers designed the code to attack only Windows machines running on Chrome version 65 or newer.
Once this was determined, the malware would download to the machine and check again to see if the person was using Chrome 76 or Chrome 77. If not, it will not load or cause any damage. If that were the case, it would move to its next step of running code that would have downloaded malware to the computer.
Zero-day exploits are the most frequent of loopholes affecting software. They mean that a security issue is in the wild and the software manufacturer has not yet released a fix. Therefore, users are left without any protection and are expected not to fall prey to attacks.
According to Kaspersky, it informed Google about the defect, and the company has already issued a fix. According to Kaspersky, this fix is Chrome version 78.0.3904.87. And if you are not running it, you should download it. It is available for Windows, macOS, and Linux.