Google Chrome October Warning
Google Chrome October Warning has been published for immediate high alert since the recent hack.Google is warning users to urgently update Chrome for the second time this week as the search engine giant confirms “multiple high-level hacks of browser”. Once again, the tech giant advised its 2.6 billion users to update Chrome after publishing a new blog post revealing four “high” rated vulnerabilities.
Google’s threat analysis group (TAG) said hackers “created malformed code signatures” that would be considered as ”valid by Windows” but could not be detected by OpenSSL code used in security scanners.
TAG discovered that the OpenSUpdater line of software uses this new technique. Described as riskware, OpenSUpdater shows ads on victims’ browsers and then installs unwanted programs into their PCs. Most of the targeted victims of OpenSUpdater attacks are US-based users prone to downloading games.
The latest warning comes after Google advised its users about a security flaw in the browser that hackers could exploit on Monday. While Google has maintained that it is working hard to protect users’ security, cyber experts say it’s time to leave Chrome behind. This year, the company disclosed the latest in a string of security flaws in a September 24 blog post.
The post confirmed that Chrome’s 11th “zero-day” exploit of the year was found and impacted Linux, macOS, and Windows users. This classification means hackers could use the flaw to their advantage before the tech giant could fix it – upping the threat significantly, Forbes reported. Google reportedly kept the hack details under wraps to protect users after in-house employees discovered the flaw. According to Forbes, it was revealed just weeks after Google admitted it “accidentally” allowed the secret tracking of millions of users.
At the heart of Google‘s latest tracking trouble is the rollout of a new Chrome API that detects and reports when a user is “idle” or not actively using their device. Google has defended the feature from criticism by security experts who say it can be easily abused by malicious sites seeking sensitive information. “This feature, which we only expect to be used by a small fraction of sites, requires the site to ask for the user’s permission to access this data,” Google told Forbes.
“It was built with privacy in mind and helps messaging applications deliver notifications to only the device the user is currently using.”