Update Google Chrome now as hackers discover four new security vulnerabilities
Updated September 28, 2024: This article, originally published on September 27, includes details about the ChromeLoader threat campaign that hijacks browsers.
The 3.45 billion users of the Chrome web browser must be wondering what’s going on this month, with not one, but two major security updates in just 10 days. This time, it appears that only people using Chrome on iOS were spared by hackers. The iOS browser has been updated, but there are no security warnings. However, the same cannot be said for Chrome browser users on Windows, Linux, Mac, and Android platforms, where four high-severity security vulnerabilities have been identified. Here’s what you need to know and do:
Top-rated security flaws fixed in Google Chrome 129.0.6668.70/.71 for Windows, Mac, Linux, and Android users
It shouldn’t be too surprising that Google issues a security update for its Chrome browser. After all, the company’s position as the market leader in such apps means there are plenty of malicious eyes. However, it is unusual for two security updates, each addressing multiple vulnerabilities, to be released within just 10 days of each other. The last security update that fixes six vulnerabilities with severity ratings was released on September 17th, but only one of them was rated high. All four vulnerabilities are now rated High, so users of all operating system platforms except iOS are urged to update as soon as possible.
A stable channel update post for desktop users of the Chrome web browser, and a separate post for users of the Android platform, for Chrome browser versions 129.0.6668.70/.71 for Windows and Mac, 129.0.6668.70 for Linux, and 129.0 release has been announced. .6668.70 for Android users.
As is established practice, updates will begin rolling out within a few days, but the exact details of the vulnerabilities found will not be made public until the majority of Chrome browser users have had a chance to protect themselves by updating. yeah. .
Four high-severity Chrome security vulnerabilities
Here are the security issues resolved in this latest Chrome browser update and what we know so far.
- CVE-2024-9120: Dawn, an open source graphics processing mapping embed used in Chrome, has a use-after-free vulnerability.
- CVE-2024-9121: Chrome’s open source high-performance JavaScript and WebAssembly engine, V8, has an improper implementation vulnerability.
- CVE-2024-9122: This is also a type confusion vulnerability in V8 engines.
- CVE-2024-9123: An integer overflow vulnerability exists in the open source Skia 2D graphics library.
How to make sure your Chrome web browser is up to date and secure
The user can select[ヘルプ]|[バージョン情報]We recommend that you update your Google Chrome browser by going to Options. If an update is available, the download will begin automatically.
Update Chrome now
However, it is important to restart your browser after installing security updates. Otherwise, you will not be protected by new security patches.
ChromeLoader exploit hijacks web browsers
According to the latest HP Wolf Security Threat Insights Report for September 2024, threat actors are using ChromeLoader web browser malware in large-scale and accomplished attacks. ChromeLoader itself is not new, but the latest campaign is “more sophisticated” than those seen in the past, allowing attackers to effectively hijack web browser sessions and expose users to malicious attacks. The HP Wolf report warns that you can be redirected to -Managed site. The latest ChromeLoader attack campaign uses malicious advertising (often shortened to malvertising) to trick potential victims into visiting websites offering free productivity tools. has been confirmed to be used. A particularly common destination for these fraudulent ad clicks are sites with PDF converters.
Part of the polish mentioned above regarding the ChromeLoader campaign appears to include the creation of a fake company associated with a fake website. This method allows an attacker to use a genuine code-signing certificate against malware disguised as PDF software. This allows it to bypass Windows security policies during installation, making it less likely to be detected by anti-malware protection.
Google has a support page that offers help in dealing with unwanted ads and malware, and Malwarebytes has a lot of information on ChromeLoader and how to remove it, dating back to 2022. Be sure to search the Malwarebtyes forum for more information.
