NJCCIC – Google Chrome Alert [Windows Only]

What We Know:

There is a security flaw in the Google Chrome browser that would let Cyber attackers run harmful programs on your computer. If this flaw is exploited, an attacker could take control of both Chrome and potentially the entire computer.

The attacker could install programs, change or delete files, or even create new computer accounts with full access. The attacker could also steal data stored in your browser, including any stored passwords, and steal data from your computer. To stay safe, make sure your browser and computer software is up to date.

How Does the Attack Work?

An email is sent to users with a malicious link. This could be a registration form to an event, an invitation to view a website, or other forms of unsolicited emails. If a Windows user with a Google Chrome browser clicks on the malicious link their machine gets infected with no additional action from the user.

What You Can Do:

• Do not ignore the update messages on your MSU managed devices
• Apply all Google Chrome updates and operating system updates on your personal device
• Do not interact with links within emails if you were not expecting the email

Want to Know More:

Kaspersky | Operation ForumTroll: APT attack via zero-day vulnerability

The Hacker News | Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Forbes | Google Confirms Chrome Attack Warning—What You Do Now

Bleeping Computer | Google fixes Chrome zero-day exploited in espionage campaign