A new hacking threat was recently
discovered, endangering Google Chrome users. According to researchers from
Kaspersky Labs, the threat — the zero-day vulnerability — might be invading the
systems of users and taking over control of their devices.
The report has named
the vulnerability ‘Operation WizardOpium,’ and it warns users that hackers
might be able to download the malware to hijack various devices. Researchers
believe that the malware could be downloaded directly.
The bug
was allegedly first used to attack a Korea-based news site. The website’s
regular visitors accidentally (and unknowingly) opened a door for another,
third-party website that then loaded a script that inspected the device. If the
device were found to be vulnerable, the site would have infected it with
malware.
Researchers also pointed out that the threat was designed to only target devices that are running specific versions of Google Chrome , including v65 and any other version that came after it. Fortunately, all older versions of the browser are considered risk-free. If the third-party site detects an old version, the operation ends immediately, and the user gets to walk away uninfected.
Meanwhile, if the user’s version of Chrome is 65 or younger — such as Chrome 76 or 77 — Operation WizardOpium would proceed with the infection. The site starts by running a specific code that is tasked with downloading malware on the device and immediately launching it.
Kaspersky
has notified Google of the vulnerability immediately after its discovery.
Google itself responded quite rapidly as well, quickly issuing a fix to the
issue in the form of a new version known as 78.0.3904.87.
However,
users are still not out of danger, as the new version might not get downloaded
and applied automatically. In other words, users should check their current
Chrome version, and it if is one of the vulnerable ones, they will have to
manually go to Google Chrome download page and obtain the fix, which must then
be installed and implemented. Google has also made the fix available for
Windows, Linux, and Mac, meaning that all three systems should be covered at
this time.
Kaspersky
has advised users to obtain the fix as soon as possible, or their devices might
get infected, regardless of their caution during web browsing. It still remains
unknown how many users have already been infected by the threat, or whether the
hackers are targeting only a specific region or every Chrome user.
It also remains unknown why does the threat only target specific versions of Chrome. Researchers assume that the reason might be that the hackers’ toolkit might contain some other exploits for the browser’s other versions. However, they admit that they cannot be sure that this is the case, for now. All that they can say with certainty is that the listed versions are going to get infected if the browser access the infected website , such as the one of the mentioned Korean news outlet.
Kaspersky
also pointed out that everyone should update their Chrome browser, regardless
of whether or not they read Korean news sites. They predict that new exploits
that are using this vulnerability might emerge at any time, particularly now,
when the flaw has become public knowledge.
As
mentioned, the updates should arrive automatically, and simply restarting the
browser should be enough to install the new version, according to the report.
However, it is better for users to make sure that their browser has indeed
applied the fix, and not base their devices’ safety on the pure assumption that
it did.
The report serves as yet another proof of hackers’ innovative methods and the fact that it is extremely difficult to remain secure on the internet these days. Anyone not wishing to become a victim of a hack should also try and remember to always keep their software up to date on all devices, and the same goes for apps and programs that might be installed on the device.