Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Stay updated with the latest Chrome security features, vulnerabilities, and updates to safeguard your information online.
Search across headline titles and summaries.
Background for this topic.
Chrome is a web browser that processes and displays web content, executing complex web applications through its rendering engine and JavaScript runtime. Its architecture includes sandboxing techniques to isolate web pages and extensions, limiting their ability to affect the underlying system. Chrome’s extension framework allows third-party add-ons, which can introduce security risks if they request excessive permissions or contain malicious code.
Security concerns focus on vulnerabilities in Chrome’s engine or sandbox that could enable remote code execution or privilege escalation. Malicious or compromised extensions may access sensitive data or inject harmful scripts, making permission management critical. Timely patching of browser updates and monitoring for zero-day exploits are essential to maintain security, while features like site isolation help contain attacks originating from compromised web content or extensions. Understanding these aspects is key for protecting users from browser-based threats.
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices
The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [...]
Google has announced it will soon allow organizations to create their own curated "Enterprise Web Store" of company-sanctioned browser extensions for Chrome and ChromeOS, aimed at improving productivity, security, and management for businesses. [...]
The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.