US cyber officials have issued a 72-hour deadline for Google users to update Chrome to patch active vulnerabilities.
The exploits let hackers remotely gain access to a system using bugs in the memory, allowing them to collect personal data without the user knowing.
The Cybersecurity and Infrastructure Security Agency (CISA) added both threats to its Known Exploited Vulnerabilities list, mandating government staff update Chrome by September 18 to receive fixes.
The agency, however, issued the alert to the public, urging them to adhere to the same timeline in order to protect their devices.
Google Chrome users should update their browser immediately to avoid hackers corrupting their login credentials and stealing personal information
‘Chrome checks for new updates regularly, and when an update is available, Chrome applies it automatically when you close and reopen the browser,’ Google shared.
But for users who haven’t opened the browser in some time, the tech giant is urging them to do so.
Once opened, close Chrome and reopen to ensure you have the latest version.
Users can check which update they have by selecting the More bottom in the top right, clicking Help and then About Google Chrome.
If you do not see the Update Google Chrome button, you have the latest version.
Google also issued a warning to users after two vulnerabilities were exploited last month, which allowed hackers to corrupt Chrome using a fraudulent HTML page.
And at least one of the attacks has been attributed to North Korean crypto hackers called Citrine Sleet.
Google has since assured users that its ‘revamped Safety Check feature will now run automatically in the background on Chrome, taking more proactive steps to keep you safe.’
The feature also informs users if it takes any actions to protect them against potential hackers, including removing permissions granted to sites that aren’t frequently visited or used and ‘flagging potentially unwanted notifications.’
Although the attacks centered around Chrome, the threat impacts Edge users too, all of whom should download the update to their browsers and restart it to guarantee it was installed.
Hackers using HTML malware to infiltrate the user’s system is ‘a new technique used by stealers to force victims into entering credentials into a browser, allowing them to be stolen from the browser’s credential store using traditional stealer malware,’ according to OALABS Research who first disclosed the issue.
Chrome’s Safety Check tool will run in the background to prevent hackers from accessing information and will notify users of any manual security updates
The malware worked by overriding the computer’s system and putting a Google sign-in page in a full-screen view that would freeze the computer until the user entered their credentials.
Once entered, they’re stored on a disk in the browser’s credential store that can serve as a window for hackers to use malware to steal login passwords and other personal information.
It will also remind users if there is a security issue that they need to manually address and will regularly scan for security bug fixes and software updates.
If Chrome has not been updated to the latest version by the September 18 deadline, the CISA has recommended that users stop using the browser.