Once again, the tech giant advised its 2.6billion users to delete Chrome after publishing a new blog post revealing four “high” rated vulnerabilities.
Google‘s threat analysis group (TAG) said hackers “created malformed code signatures” that would be considered as “valid by Windows” but could not be detected by OpenSSL code used in security scanners.
TAG discovered that the OpenSUpdater line of software utilizes this new technique.
Described as riskware, OpenSUpdater shows ads on victims’ browsers and then installs unwanted programs into their PCs.
Most of the targeted victims of OpenSUpdater attacks are US-based users prone to downloading cracked games.
The latest warning comes after Google advised its users about a security flaw in the browser that hackers could exploit on Monday.
While Google has maintained that it is working hard to protect users’ security, cyber experts say it’s time to leave Chrome behind.
This year, the company disclosed the latest in a string of security flaws in a September 24 blog post.
The post confirmed that Chrome’s 11th “zero-day” exploit of the year was found and impacted Linux, macOS, and Windows users.
Google reportedly kept the hack details under wraps to protect users after in-house employees discovered the flaw.
According to Forbes, it was revealed just weeks after Google admitted it “accidentally” allowed the secret tracking of millions of users.
At the heart of Google’s latest tracking trouble is the roll-out of a new Chrome API that detects and reports when a user is “idle” or not actively using their device.
“This feature, which we only expect to be used by a small fraction of sites, requires the site to ask for the user’s permission to access this data,” Google told Forbes.
“It was built with privacy in mind and helps messaging applications deliver notifications to only the device the user is currently using.”
