Google has issued a warning for Google Chrome users to update to the newest version of the popular web browser due to several vulnerabilities, including a zero-day exploit in the wild.
In a Monday blog post announcing bug fixes to Chrome 80, Google warned of three high-level security vulnerabilities.
One vulnerability, CVE-2020-6418, is a zero-day exploit exists in the wild, Google said.
Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.
On Wednesday, ZDnet reported on another small but important upgrade in the browser that impacts the ability of cybercriminals to extract passwords from Chrome.
According to ZDNet, this small change has had a crippling effect on the Genesis Store, a black marketplace that sells stolen digital credentials.
According to new research shared with ZDNet this week by threat intelligence firm KELA, the Genesis Store is currently going through a rough patch, seeing a 35% drop in the number of hacked credentials sold on the site.
KELA says Genesis administrators are scrambling to fix their inventory deficit and feed the store with new credentials before customers notice a drop in new and fresh listings.
If they don’t address the issues caused by the new Chrome 80 update, the store’s entire future hangs in the balance.
Now, the AZORult malware doesn’t even work in Chrome 80, ZDNet reported.
With Chrome 80, Google switched to using the AES-256 algorithm to hash passwords stored locally inside Chrome’s internal SQLite database.
This switch to AES-256 has resulted in Chrome-saved passwords having a different format than they had before. Albeit tiny inside Chrome’s huge codebase, this small change has crippled AZORult’s ability to extract passwords from Chrome browsers.
If you haven’t already, upgrade your Chrome web browser, as hackers will seize on the opportunity to exploit these vulnerabilities once bug fixes are published.