Warning: Upgrade to Google Chrome 99.0.4844.74 and above

In mid-March 2022, Google developers updated the Chrome browser to version 99.0.4844.74, fixing 11 security vulnerabilities (see Chrome 99.0.4844.74 fixes 11 vulnerabilities). Microsoft Edge has also received a security update (Microsoft Edge 99.0.1150.46 released). Now the German cyber security agency BSI has issued a warning urging people to upgrade. In addition, North Korean hackers exploited a vulnerability in Google Chrome, closed in February 2022, to attack targets.



BSI warning with upgrade notice

The Federal Office for Information Security (BSI) warns in the following tweet that users should upgrade the Google Chrome browser to version 99.0.4844.74, but does not give a direct reason.

BSI warning with upgrade notice for Chrome

I had listed the vulnerabilities, some of which are rated critical or high, in the post Chrome 99.0.4844.74 fixes 11 vulnerabilities. In this German article, the BSI writes that versions of the Google Chrome browser before 99.0.4844.74 have several vulnerabilities that allow code execution. It says: "A remote, anonymous attacker can exploit multiple vulnerabilities in Google Chrome to execute arbitrary program code, cause a denial of service condition, or cause other effects."

Chrome vulnerabilities exploited by hackers

The Google Chrome browser and its vulnerabilities are a risk to internet users. The colleagues from Bleeping Computer report in the following tweet as well as in this article that the vulnerabilities have already been exploited by North Korean hackers.

Attacks on Chrome

Google had indicated in mid-February 2022, in this Chrome 98.0.4758.102 article, that the RCE vulnerability CVE-2022-0609 was already being exploited in the wild. According to Bleeping Computer, North Korean state hackers exploited this 0-day remote code execution vulnerability in the Google Chrome web browser for more than a month until a patch was available. The exploit was distributed to victims via phishing emails; clicking on a link in the Chrome browser was enough for an attack.



The attacks targeted more than 250 people from 10 different news media and IT companies. The targeted individuals received emails with fake job postings purporting to be from recruiters at Disney, Google and Oracle. The emails contained links that appeared to lead to legitimate job search websites such as Indeed and ZipRecruiter, but pointed to infected sites. Victims who clicked on the links were served a hidden iframe that triggered the exploit kit. The analysis with the details can be found here in an article from a security company.
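To act on the upgrade warning, the following added example (not from the original post or from the BSI) triages a browser inventory against the fixed builds named above: 98.0.4758.102 for CVE-2022-0609, 99.0.4844.74 for Chrome and 99.0.1150.46 for Edge. The inventory rows and host names are constructed; the comparison is numeric per version component, because a plain string comparison would rank 100.x below 99.x.

```python
# Fixed builds taken from this post, oldest first per browser.
FIXED_BUILDS = {
    "chrome": [
        ("98.0.4758.102", "CVE-2022-0609 (exploited in the wild)"),
        ("99.0.4844.74", "11 vulnerabilities fixed in mid-March 2022"),
    ],
    "edge": [("99.0.1150.46", "Edge security update 99.0.1150.46")],
}

def parse_version(text):
    """Turn '99.0.4844.74' into (99, 0, 4844, 74) so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part browser version: {text!r}")
    return tuple(int(p) for p in parts)

def missing_fixes(browser, installed):
    """Return a description of every fixed build the installed version predates."""
    current = parse_version(installed)
    return [what for minimum, what in FIXED_BUILDS[browser.lower()]
            if current < parse_version(minimum)]

def triage(inventory):
    """Map host -> missing fixes; unparseable rows are flagged, not skipped."""
    report = {}
    for host, browser, version in inventory:
        try:
            gaps = missing_fixes(browser, version)
        except (ValueError, KeyError):
            gaps = ["unknown browser or version, check manually"]
        if gaps:
            report[host] = gaps
    return report

# Constructed sample inventory (hypothetical host, browser, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "99.0.4844.74"),
    ("ws-02", "chrome", "99.0.4844.51"),
    ("ws-03", "chrome", "98.0.4758.80"),
    ("ws-04", "edge", "99.0.1150.39"),
    ("ws-05", "chrome", "100.0.4896.60"),
    ("ws-06", "chrome", "99.0.4844"),
]

if __name__ == "__main__":
    for host, gaps in triage(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(gaps))
```

Hosts that predate 98.0.4758.102 are listed with both gaps, so machines still exposed to the exploited 0-day can be patched first.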

