[Njtechdiv] Chrome alert

Mario Brusco mrb620 at hotmail.com
Wed Mar 13 15:02:34 UTC 2019


Google strongly advises Windows 7 users to upgrade due to Chrome 
zero-day attacks
https://www.komando.com/happening-now/553498/google-strongly-advises-windows-7-users-to-upgrade-due-to-chrome-zero-day-attacks

By Francis Navarro, Komando.com

If your computer is still on Windows 7, listen up!
Google is now recommending that Windows 7 holdovers upgrade their systems 
to Windows 10 to protect their systems from two nasty zero-day bugs that 
attackers are already actively exploiting.

Remember, we told you about the previously unknown Google Chrome 
security flaw yesterday.
https://www.komando.com/happening-now/553108/zero-day-attacks-found-in-google-chrome-update-your-browser-now

  Note: To ensure that your Chrome browser is protected from this 
zero-day, please double check if you are already on its latest version, 
72.0.3626.121.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Chrome normally updates itself automatically after you restart it, but 
since the update contains a fix for an ongoing attack, please double check.

To check your version, click the Chrome menu that looks like three dots 
on the far upper-right hand corner of the screen >> Help >> About 
Chrome. If your version is not up to date, Chrome will automatically 
download it for you. Restart your browser to install it.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Although Google already released a patch to fix this particular Chrome 
zero-day exploit last week, it appears that hackers are pairing this 
with another zero-day bug that is believed to be only exploitable on 
Windows 7 machines.

Attackers can then use this security flaw to escape a Windows 7 system's 
sandboxing protections and run malicious code. Google said that even 
with the latest Chrome patch, Windows 7 machines could still be impacted 
by this exploit.

"We strongly believe this vulnerability may only be exploitable on 
Windows 7 due to recent exploit mitigations added in newer versions of 
Windows," Google wrote. "To date, we have only observed active 
exploitation against Windows 7 32-bit systems."

As of this writing, there's still no patch for this Windows 7 zero-day 
bug, so as "mitigation advice," Google recommends that users upgrade to 
Windows 10 and apply patches as soon as they become available.

Clement Lecigne, the Google researcher credited for the discovery of the 
flaw, wrote that in line with Google's vulnerability disclosure policy, 
the vulnerability was reported to Microsoft as soon as it was found.

And also in line with its policy, Google has publicly disclosed the 
existence of the flaw since it is a serious security issue that is 
already being actively exploited in targeted attacks.

In response, Microsoft said that they are currently working on a fix. 
However, there's still no word on when the patch will arrive.

In the meantime, to protect yourself from the latest zero-day attacks, 
it's best to refrain from using your 32-bit Windows 7 machine until 
Microsoft confirms the rollout of the patch. Or better yet, take 
Google's advice and upgrade to Windows 10 immediately.

