The good news: at a recent security conference, Google Chrome got kudos as the hardest to browser hack. The bad news: a new hack is targeting possibly overconfident Chrome users and tagging them with malware.
The good news: at a recent security conference, Google Chrome got kudos as the hardest to browser hack. The bad news: a new hack is targeting possibly overconfident Chrome users and tagging them with malware.The Pwn2own hacking competition at last month's CanSecWest named Google Chrome as the toughest to hack of four browsers -- the others were Microsoft Internet Explorer 7, Mozilla Firefox 3, Apple Safari 4 (Firefox and IE7 were tested on XP systems, Safari on OSX).
Toughest in the competition, but not invulnerable: a Chrome-targeting trojan is now making the rounds.
The Chrome attack poses as an e-mail invite to download a Chrome extension aimed at helping impose order on e-mail.
The link in the e-mail is a redirect, of course, one that lands the user on a fake Chrome extensions page, from which malware is downloaded that cuts the user off from Google (and Yahoo).
Instead of being able to reach Google or Yahoo proper, users are further redirected to phony, malware-laden sites.
Tipoff to the scam is the initial download's use of a .exe extension, whereas legit Chrome extensions are .crx
The fact that the crooks are making an effort to target Chrome indicates that they perceive critical -- and thus profitable -- mass building for the browser.
Which makes it critical that if any of your users are running Chrome, make sure they're aware of the attack and its characteristics.
Make sure as well that they know that Chrome, while plenty tough, isn't impervious to attacks.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024