Skip to main content

Google Chrome Zero-Day Vulnerability Can Hijack Your Browser

Chrome browser on desktop displaying Chrome logo.
(Image credit: Footage Vector Photo/Shutterstock)

If you're using Google Chrome right now, you should make sure your browser is patched. If not, you could be subject to a serious zero-day vulnerability.

Security researchers at Kaspersky have discovered a zero-day vulnerability that leaves Chrome users open to a malicious attack that could see hackers take full control over the machine and download malware to the computer. Worst of all, the exploit was in the wild before anyone knew about it, and millions could have been at risk.

Called Operation WizardOpium, the exploit is surprisingly sophisticated. According to Kaspersky, the flaw was first injected into a Korean news website. When people visited the site, a script from a third-party site would load and see whether the machine was one worth attacking. According to Kaspersky, the attackers designed the code to only attack Windows machines running Chrome versions 65 or newer.

Once that was determined, the malware would download to the machine and check again to see whether the person was using Chrome 76 or Chrome 77. If not, it wouldn't load or cause any harm. If it was, it would then move into its next phase of running code that would download malware to the computer.

Zero-day exploits are the most concerning of flaws affecting software. They mean that a security problem is in the wild and the software maker hasn't yet released a fix. Users, therefore, are left without any protection and need to hope they don't fall victim to the attack.

According to Kaspersky, it informed Google about the flaw, and the company has already issued a fix. That fix is Chrome version 78.0.3904.87, according to Kaspersky. And if you're not running it, you should download it now. It's available for Windows, macOS, and Linux.