Google Issues Emergency Security Warning For 3.2 Billion Chrome Users

[zasad@]

Google Issues Emergency Security Warning For 3.2 Billion Chrome Users—Attacks Underway
https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergency-security-update-for-32-billion-chrome-users-attacks-underway/

"Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.

The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses a single security vulnerability. A fact that only goes to emphasize how serious this one is."

https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

[vv181]

It seems that the vulnerability also affected across all Chromium-based browsers. I see that Brave and Edge also already addressed the issue [1][2]. So if someone using a chromium-based browser, you should have update it to the latest version available.

[1] https://github.com/brave/brave-browser/blob/master/CHANGELOG_DESKTOP.md#136122
[2] https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-26-2022

[Lucius]

Another good reason why not to use this browser, because attackers attack it the most due to the number of users, which obviously becomes its weakness. For those who value their privacy, it is far better to use Firefox or Tor.

[Findingnemo]

It seems that the vulnerability also affected across all Chromium-based browsers. I see that Brave and Edge also already addressed the issue [1][2]. So if someone using a chromium-based browser, you should have update it to the latest version available.

[1] https://github.com/brave/brave-browser/blob/master/CHANGELOG_DESKTOP.md#136122
[2] https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-26-2022

I am a chromium user, so its time for me to update but what is the actual vulnerability caused by this attack, I don't have any wallet installed on the device where I am using this browser just for the sake of browsing and sometimes bitcointalk because of its smooth and sleek UI.

[vv181]

~what is the actual vulnerability caused by this attack, I don't have any wallet installed on the device where I am using this browser just for the sake of browsing and sometimes bitcointalk because of its smooth and sleek UI.

I don't know. Pretty much Chrome developers themselves haven't yet fully disclosed what is the risk of the vulnerability.

Neither I also don't know much about what a high severity CVE could potentially possess. But here's some rough information that I got about that:

Severity Level: High

Vulnerabilities that score in the high range usually have some of the following characteristics:

    The vulnerability is difficult to exploit.
    Exploitation could result in elevated privileges.
    Exploitation could result in a significant data loss or downtime.

[dansus021]

i also heard about this news, and i just quickly update but i dont know the detail of the attack is hacker can steal the password or anything else

Another good reason why not to use this browser, because attackers attack it the most due to the number of users, which obviously becomes its weakness. For those who value their privacy, it is far better to use Firefox or Tor.

and yes many people prefer firefox but chrome had advantage especially in speed that i think chrome is way faster than firefox

[Stalker22]

I am a chromium user, so its time for me to update but what is the actual vulnerability caused by this attack, I don't have any wallet installed on the device where I am using this browser just for the sake of browsing and sometimes bitcointalk because of its smooth and sleek UI.

The exploit is rumored to affect Metamask and some other browser-based wallets, which are vulnerable to being hacked due to a security flaw allowing unauthorized JavaScript code execution.

Brave released an "Upgraded Chromium to 99.0.4844.88" on March 26, 2012, with a patch (emergency update: Stable version 99.0.4844.84) for a vulnerability in the Chromium browser.
https://brave.com/latest/

Vivaldi released a minor update (5) for Vivaldi Desktop Browser 5.1 (this update includes a security fix from the Chromium project) with "Chromium upgraded to 98.0.4758.141 (fixes CVE-2022-1096)".
https://vivaldi.com/blog/desktop/minor-update-five-5-1/

At the moment, Opera has not released updated version of their browser, and has not even acknowledged that the vulnerability exists.

[GreatArkansas]

This is a very huge effect on most browser users, especially those people who are deeply involved in Web3/ Decentralized Finance (DeFi) / NFT.
Because as we all know there are a lot of cryptocurrency wallets now that are in the browser like in a browser extension on in some websites, that's why it is very prone to this recent google issue.

[bill gator]

Hearing about stories similar to this in the past would cause me concern, but with consistent compromises for years on our biggest and most secure systems I can only conclude that this is business as usual.

The only real solution that I have been able to utilize myself is limiting exposure; have as few accounts as possible and treat them as if they're always under attack.

Google Issues Emergency Security Warning For 3.2 Billion Chrome Users

According to their stats from 2021, 3.2 billion users is every user.