Google has been warned of a new ‘serious’ flaw in its Chrome browser, and is now urging users to update the fix.
The new vulnerability is part of a pattern with Chrome’s V8 JavaScript engine that has become “particularly attractive to real attackers,” a Google cybersecurity expert warned.
Simply put, the recently discovered vulnerability in Chrome allows hackers to take control of your browser via malicious code hidden in a spoofed HTML web page.
The warning comes amid a summer of catastrophic hacks around the world, including the “RockYou2024” breach on Independence Day in July, which exposed as many as 10 billion passwords to cybercriminals, and a large-scale breach of U.S. Social Security numbers.
Microsoft’s Threat Intelligence Center has warned its search engine rival Google about a new “high” level of a flaw in its Chrome browser (logo above). Google is now urging users to update the fix
If successful, the new exploit could be used to steal passwords from Chrome’s Google Password Manager, credit card information for autofill, and more — all before a Chrome user has any idea their system has been compromised.
“V8 bugs typically allow for the construction of unusually powerful exploits,” said Samuel Groß, a member of Google Project Zero’s security research team.
Gross suggested a detailed V8 sandbox to fix this entire class of bugs and help protect Google Chrome’s V8 software, which works directly with JavaScript — a programming language that’s popular on the web but particularly vulnerable to hackers.
This V8 sandbox became operational last April. But unfortunately for many, it only works with PCs and laptops with at least a 64-bit processor.
“The V8 Sandbox requires a 64-bit system because a large amount of virtual address space needs to be reserved,” Groß said The Hacker News‘currently one terabyte.’
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) first reported the new V8 vulnerability on August 19, 2024.
According to Google, the issue was fixed two days later and is now available in the latest Chrome updates.
How exactly this V8 issue can be exploited by hackers is still a closely guarded secret of the tech giant, partly to protect its users who have not updated their browsers.
The monetary reward owed to MSTIC and MSRC for discovering the vulnerability has not yet been determined, Google’s Chrome update released on wednesday.
To update Chrome on your own computer, first open the browser and click the three vertically aligned dots in the top right corner of the browser.
There, go to the ‘Help’ menu and click on ‘About Chrome’. The new page will show the latest updates and may update them automatically, unless the device is a workplace computer that requires administrative rights and therefore requires assistance from the IT department.
Once Chrome is updated, simply click ‘Relaunch’ to complete the process.