Google Chrome users were warned to monitor their security as a result of the discovery of a new zero-day in the popular browser.
Kaspersky security researchers have detected a new vulnerability that could bypass a user's browser and allow it to inject malicious software, potentially putting their entire system at risk.
The attack targets users of the Korean version of Chrome, both in South Korea and abroad, potentially putting millions of customers at risk.
feat
The attack used a waterhole exploit to inject malicious JavaScript into Chrome's home page. This operation then uses a profile script to analyze the victim's system and user identification information to determine if Chrome version 65 or later is installed.
Investigators say the attack, which it called Operation WizardOpium, bears several similarities to the extremely devastating Lazarus attacks that swept the world last year.
"The discovery of a new zero-day in the nature of Google Chrome demonstrates once again that only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, can protect us from sudden and hidden attacks, threatened, "said Anton Ivanov, security expert at Kaspersky.
Kaspersky reported its results to Google and a review was released. The company asks users to install the patch as soon as possible and to ensure that their security software is up to date with the latest version.