Google Chrome and Microsoft Edge flaw leaves billions of users open to attacks

Billions of Internet users are exposed to the risk of cyberattacks due to a security flaw affecting Chromium-based browsers, including Google Chrome and Microsoft Edge, on Windows, Mac and Android.

Gal Weizman, PerimeterX’s security researcher, revealed a vulnerability that allowed hackers to circumvent the Content Security Policy (CSP) of websites.

Bypassing CSP means that attackers can access user data and insert malicious code into websites in vulnerable browsers, which, in addition to Chrome and Edge, include Brave, Opera and Vivaldi on those operating systems.

In a blog post, Weizman explained that the flaw allowed hackers to “completely circumvent CSP regulations in Chrome 73 (March 2019) to 83 (July 2020)” versions.

He said: “To better perceive the scope of this vulnerability, potentially affected users amount to billions: Chrome has more than two billion users and more than 65% of the browser market on the one hand, and some of the most popular sites on the Internet are vulnerable to this [vulnerability] on the other hand.”

Weizman went on to say that CSP is “the number one approach used by online page owners to enforce knowledge security policies and prevent it from running malicious hidden codes on their online page, so that when you can pass the browser application, users are not in danger.”

Basically, CSP allows website administrators to specify which other domains may supply scripts that run on a web page. This is an effective way to block cross-site scripting and other common browser-based attacks.
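How a browser evaluates such an allowlist for an external script, as an added example that is not from the article or from PerimeterX. The policy, the site and the domain names are constructed, and the matching is a simplified model of the CSP rules.

```javascript
// Added example: simplified model of a browser's CSP check for external scripts.
// Handles 'self', "*", scheme sources (https:), hosts and "*.host" wildcards.
// Nonces, hashes, ports and paths are not modelled.

// Constructed policy for a hypothetical site at https://shop.example
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com *.analytics.example";

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A directive that appears twice is ignored the second time.
    if (name && !(name in policy)) policy[name] = sources;
  }
  return policy;
}

// True if a page at pageUrl may load a script from scriptUrl under this policy.
function scriptAllowed(header, pageUrl, scriptUrl) {
  const policy = parseCsp(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy['script-src'] ?? policy['default-src'];
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  return sources.some((src) => {
    if (src === "'self'") return script.origin === page.origin;
    if (src === '*') return /^https?:$/.test(script.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return script.protocol === src;
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(src);
    if (!m) return false; // 'none', 'unsafe-inline', nonces, hashes: no URL match
    const [, scheme, wildcard, host] = m;
    if (scheme) {
      if (script.protocol !== scheme + ':') return false;
    } else if (script.protocol !== page.protocol && script.protocol !== 'https:') {
      return false; // a host without a scheme follows the page's scheme
    }
    return wildcard ? script.hostname.endsWith('.' + host) : script.hostname === host;
  });
}
```

Under the sample policy, a script from an unlisted domain is refused even if an attacker manages to reference it from the page, which is the protection a CSP bypass removes.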

But because of this flaw, high-profile sites like “Facebook, Wells Fargo, Gmail, Zoom, TikTok, Instagram, WhatsApp, Investopedia, ESPN, Roblox, Indeed, Blogger and Quora” are exposed to cyberattacks.

If a hacker were to try to take advantage of this problem, he would first have to break into the server of a specific website, modify its JavaScript, and insert malicious code.

Weizman added: “Apart from the sites discussed above (representing more than 2.5 billion users), it is prudent to estimate that thousands of Internet sites in other sectors, including e-commerce, banking, telecommunications, government and utilities, have not been from a situation in which hackers have controlled to inject it with malicious code.”

The flaw was fixed in Chromium 84, released on July 14. If you haven’t updated your Chromium-based browser since then, do so now.

Click the menu icon in the top right corner of your browser window, scroll to the Help section and hover your mouse over it, then select About from the drop-down menu. (Some browsers have the About section as a stand-alone item.) This will force your browser to update.

In addition to Brave, Chrome, Edge, Opera and Vivaldi, other Chromium-based browsers include Amazon Silk and the Yandex browser.

“It is vital that we make it as complicated as possible for those at risk of hacking our accounts or borrowing our information,” Jake Moore, an ESET security specialist, told Tom’s Guide. “Like many robberies, criminals will focus first on other people with minimal security or lack of awareness, as it is much less difficult to achieve the culmination at hand.”

“Using unique and secure passwords and making sure your browser is up to date can mitigate many attacks like this,” Moore recommends. “By protecting yourself with a password generator for all your accounts, it will be incredibly difficult for hackers to fight. Force your way in.”


Tom’s Guide is from Future plc, a foreign media organization and a leading virtual publisher.
