Google Chrome isn’t having the best year in 2024. The web browser has been hit with a bunch of vulnerabilities, though Google quickly patched them up. In the latest twist, Microsoft found another vulnerability in Chrome, which Google admitted is being exploited by hackers. The search giant rolled out an update to fix it just two days after finding out, so if you haven’t updated your browser yet, you’ll want to do it now.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Google remains tight-lipped about the vulnerability
Google hasn’t revealed how the vulnerability affects users or how hackers are exploiting it. That’s probably because the company doesn’t want to give threat actors any ideas and also wants to give users enough time to update their Chrome browser.
“Until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” the company said.
Tracked as CVE-2024-7971, Google has described it as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD).
In simple terms, this vulnerability allows hackers to take control of your Chrome browser on your desktop by tricking it with a fake HTML page. If successful, they could steal your data or install malicious software, all without your knowledge.
The vulnerability was found and reported by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) on August 19.
We contacted Google requesting comment, and a representative confirmed that Google has issued an update to patch this issue.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Update Google Chrome to stay protected
Google has updated the Chrome stable channel to 128.0.6613.84/.85 for Windows and Mac, plus 128.0.6613.84 for Linux. The update should download to your PC automatically, but you are advised to check and restart the browser to ensure it installs. See the steps below to learn how.
How to update Chrome
- Open Google Chrome on your computer
- Click on the three dots in the top-right corner
- Select Help
- Click About Chrome
- Chrome will automatically check for updates. If an update is available, it will download and install it.
- Click Relaunch to complete the update process.
The vulnerability is unlikely to affect mobile devices. Still, you can update Chrome via the Google Play Store (Android) or App Store (iOS) by searching for Chrome and tapping Update if available.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
3 additional ways to protect your privacy
While updating Chrome should fix the vulnerability, below are some security tips you can follow to further bolster your privacy and security.
1) Have strong antivirus software: Hackers often gain access to devices by sending infected emails or documents or tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threat before it can take over your device or router.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Recognize urgent requests as potential scams: Always be wary if someone is urgently requesting you to do something like send money, provide personal information, or click on a link—chances are it’s a scam.
3) Use strong and unique passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts. Get more details about my best expert-reviewed Password Managers of 2024 here.
ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS
Kurt’s key takeaway
Staying ahead of security threats is a constant battle for tech companies, and Google is no exception. The swift response to this latest vulnerability shows the company’s commitment to protecting its users, but it also highlights how important it is to keep your software up to date. If you haven’t updated Google Chrome yet, don’t wait any longer—cybersecurity is a race against time, and every second counts.
How often do you update your browser—do you wait for a prompt, or do you check manually? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.