Google discovered six safety flaws in Chrome, including one particularly serious. Already operated by cybercriminals, it can allow computer control to be taken with rigged instructions sent to the GPU. Google advises to install an emergency update.
Google indicates that it has discovered Six vulnerabilities within Chrome. Among the gaps identified, there is above all a Zero Day type fault. This is a flaw that has been exploited by cybercriminals before Google can publish a correction.
Vulnerability is relative to Almost native Graphics Layer Engine (angle), a software library developed by Google. The fault occurs when angle, which is responsible for helping the browser to display images and animations using the graphics card (GPU), does not check correctly The instructions received.
De facto, malicious and rigged data can pass without being detected. A pirate can therefore send dangerous instructions to the browser, which can then bypass Google protections. With these instructions, the attacker can take control of the computer. To carry out an attack, the pirate must use a html trapped page, which hides instructions for the GPU.
Read also: 11 malicious chrome extensions were downloaded by 1.7 million Internet users
A 5ᵉ chrome flaw operated by the pirates
According to Google researchers, cybercriminals have already served by the breach To carry out attacks. Débusked by researchers from the Threat Analysis Group (TAG) of Google, the flaw was not detailed for security reasons.
The Mountain View giant indicates that “Access to details of vulnerabilities and associated links can be limited as long as the majority of users have not installed the fix”. The other flaws can also lead to the execution of code arbitrarily on the Google browser, paving the way for cyber attacks.
It is Already the fifth vulnerability Zero Day Discovered in the Chrome code this year. Less than two weeks ago, Google announced that it had corrected a fourth Zero Day flaw in just a few months.
Read also: Google Chrome’s performance has never been so good
Emergency update for Chrome
To correct the shooting, Google has deployed an emergency update of the browser, stamped 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux. The update will be deployed “In the coming days/weeks”explains the company in its security bulletin.
As always, we recommend that you install the update urgently. Go to About Google Chrome and click on Relaunch To finish the installation. Restart Chrome regularly to have the latest updates. For more simplicity, activate the automatic updates.
🔴 To not miss any 01net news, follow us on Google News and Whatsapp.
Source :
Google blog