Chrome was hiding another major zero-day flaw

Chrome
(Image credit: Shutterstock)

Users of Google Chrome have been warned to watch their security protection following the uncovering of a new zero-day in the popular browser.

Security researchers from Kaspersky have detected a new vulnerability that can hijack a user's browser to inject malware that could lead to their entire system being put at risk.

The attack targets users of the Korean-language version of Chrome, both in South Korea and overseas, potentially leaving millions of customers at risk.

Exploit

The attack used a waterhole-style exploit to inject malicious JavaScript code into the Chrome main page. This then uses a profiling script to analyse the victim's system and user credentials to see if version 65 or later of Chrome is installed.

The researchers say that the attack, which it named Operation WizardOpium, bears a number of similarities to the hugely damaging Lazarus attacks which swept the globe last year.

"The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Kaspersky says it has informed Google of its findings, and a patch has been released. The company is urging users to install the patch as soon as possible and ensure their security software remains updated to the latest version.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That's Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does