Google has issued an emergency update for its Chrome browser on Microsoft Windows after the discovery of a critical zero-day vulnerability that is being actively exploited. The discovery has prompted urgent warnings from cybersecurity experts and government agencies.

The vulnerability, uncovered by Kaspersky earlier this month, involves a sophisticated malware attack that can infect users who simply click a malicious email link. Kaspersky warned of a “wave of infections by previously unknown and highly sophisticated malware,” emphasizing that “no further action was required to become infected” beyond clicking the initial link.

## Google Acknowledges Exploit
According to a Chromium release, Google has updated the stable channel to 134.0.6998.177/.178 for Windows, which will roll out over the coming days/weeks. This update includes 1 security fix, the company added. However, Google is keeping the bug details and links restricted until a majority of users are updated with a fix.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” the company added.

## CISA Warning to Chrome Users
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning, urging users to update Chrome immediately and, if an update is not feasible by April 17, to “discontinue use of the product.” This mandate applies to federal employees, but CISA’s guidance is strongly recommended for all organizations, both public and private, regardless of size.

“Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera,” CISA said.

India’s cyber agency CERT-In has also asked users in India to update their browsers, rating the severity as ‘Critical’. “A vulnerability has been reported in Google Chrome which could allow a remote attacker to bypass Google Chrome sandbox protection on the targeted system,” CERT-In said.

Meanwhile, Kaspersky said that “this exploit is certainly one of the most interesting we’ve encountered,” noting that it allowed attackers to bypass Chrome’s sandbox protection “as if it didn’t even exist.” Mozilla has also issued a warning, acknowledging a similar vulnerability in its Firefox browser.

## Publication Details

  • Published On Mar 29, 2025 at 08:50 AM IST
