Never miss a great news story!
Get instant notifications from Economic Times
AllowNot now


You can switch off notifications anytime using browser settings.
11,872.1031.65
Stock Analysis, IPO, Mutual Funds, Bonds & More

Beware! Google Chrome's zero-day vulnerability may put your system credentials at risk

This latest vulnerability, code-named CVE-2019-13720, was brought to the notice of Google.

, ET Bureau|
Nov 04, 2019, 07.52 PM IST
0Comments
Agencies
chrome
The injected script then checks if iteration of Google Chrome installed in the system is of version 65 or later.
Cybersecurity firm Kaspersky has detected a zero-day vulnerability in Google’s popular Chrome browser that could have put millions of users at risk. Zero-day vulnerabilities are hitherto unknown bugs in a software product that can be exploited by malicious actors to inflict damage. This latest vulnerability, code-named CVE-2019-13720, was brought to the notice of Google, which subsequently released a software patch.

The breach in question was created by inserting malicious JavaScript code in the main page, which in turn links to a remote site and loads a profiling script. It then checks the possibility of the victim’s system being infecting by comparing the version of the browser that holds the user’s credentials.

The injected script then checks if iteration of Google Chrome installed in the system is of version 65 or later. This gives the attacker multiple code execution scenarios and a chance to the host system.

“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

He noted the detected exploit held similarities with the erstwhile Lazarus attacks, and that the profile of targeted users was similar to that of previous false flag attacks. To safeguard against the vulnerability, users are advised to install the software patch provided by Google and update all enterprise used at home and work.

For professional networks, corporate-grade security solutions are recommended. Security products that offer endpoint protection are recommended for personal use.

Offline Location Tracking For iPhones, Speedometer In Google Maps: Features That Will Chang...

of 4
Next
Prev
Play Slideshow

Tech Talk

13 Jun, 2019
Hardware and software go hand in hand when it comes to the technology that we use. But software can move much faster, which is why we see a lot of companies focusing on delivering new features over the air via updates. Karan Bajaj talks about some of the new things with the maximum impact.
Next

Want stories like this in your inbox? Sign up for the daily ET Panache newsletter.

You can also follow us on Facebook, Twitter and LinkedIn.

Also Read

Google Chrome rolls out update; customisation, organising tabs to get better

8 must-have Google Chrome extensions

Google Chrome OS 74 promises bug fixes, improved hardware support

All for security: Google Chrome 75 introduces 'Suspicious Site Reporter Extension' feature

Comments
Add Your Comments
Commenting feature is disabled in your country/region.
Download The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.

Other useful Links


Follow us on


Download et app


Copyright © 2019 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service