As hackers target Google Chrome app downloads, here’s what you need to know.
Update, Feb. 9, 2025: This story, originally published Feb. 7, has been updated with news of more security issues, this time for users of the Chrome operating system itself.users that has had an amazingly positive impact so far.
But before you get too excited, and sorry to introduce a downer into the proceedings, security experts are warning about an ongoing threat that targets people looking to download the Google Chrome web browser app. Here’s what you need to know.has reported how ongoing hack attacks have lead to a “sophisticated, multi-stage malware named ValleyRAT,” and employ a drive-by download strategy to hook victims looking for theapp. All you need to know is that a drive-by download is one that the user authorizes without actually knowing the reality of what is being downloaded. To achieve this, Uzan said, it has observed the attackers using “phishing emails, malicious websites, and instant messaging platforms.” In the latest such attack, Uzan noted, the threat actor “created a domain and website designed to impersonate a Chinese telecom company named Karlos,” to deliver the malware app.Jamie Akhtar, CEO at CyberSmart, said that while the ValleyRAT malware itself is well-established malware, having first been observed back in 2023, what makes these latest attacks notable is the sophistication it appears to have developed in terms of techniques used and targets chosen. “The campaign is explicitly targeted at finance, sales and accounting professionals due to their proximity to sensitive data, rather than the ‘spray and pray’ approach of earlier campaigns,” Akhtar said. Acknowledging that it appears the current campaign is aimed squarely at Chinese users, Akhtar said others should not be apathetic toward the threat. “If there’s one thing for certain about cybercriminals, it’s that someone will copy this approach and apply it to Western companies.” As such, Akhtar concluded, “we urge anyone working in a role processing high-value sensitive data, like sales or accounting, to be extra vigilant when downloading tools like browsers or browser extensions.” "Downloading software always carries a risk, especially if the individual downloading the software is not confirming that they are downloading from an official site,” Erich Kron, security awareness advocate at KnowBe4, said, “the practice of hosting malicious binaries, then poisoning Google search results through paid ads or other methods, can be quite effective.” Kron warned that with anything as critical as an internet browser, especially Google Chrome which is the most popular browser client on the planet, it’s vitally important to take precautions to ensure it doesn’t come with malicious surprises. “This means making sure that the software is downloaded from the legitimate publisher site and not a third party,” Kron concluded, “care must be taken when choosing your browser and any add-ons." I have reached out to Google for a statement. It’s not just these latest drive-by download attacks that Chrome users, more than three billion of them, need to be aware of: security vulnerabilities in the browser also need to be addressed. It’s been a hectic few months for Chrome browser security vulnerability warnings, with new ones appearing week after week. The latest,CVE-2025-0444 is a high-rated vulnerability impacting the Skia browser component. CVE-2025-0445 is another high-rated vulnerability but this time impacting Chrome’s V8 javascript rendering engine.Now, Google has confirmed that hundreds of millions of its own ChromeOS ecosystem users can’t escape from the vulnerability threats. “A new LTS-126 version 126.0.6478.264 is being rolled out for most ChromeOS devices,” Andy Wu from the Google ChromeOS team, hasCVE-2025-0438 is another high-rated vulnerability, this time a stack buffer overflow in the Tracing component. So, make sure that your copy of Chrome, browser or operating system, is up to date. Luckily, Google automates the process, but your browser will need to be activated after the update, so checking it out by way of the Help|About Google Chrome menus is always recommended.Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.Insults, profanity, incoherent, obscene or inflammatory language or threats of any kindContinuous attempts to re-post comments that have been previously moderated/rejectedAttempts or tactics that put the site security at riskProtect your community.
Chrome Hack Chrome Attack Valleyrat Drive By Attack Cybersecurity Browser Hack Chrome Browser Security Morphisec
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
New Google Leak Reveals Much-Needed Google Photos Feature UpgradeGoogle Photos' Photo Stacks Feature could be getting a much-needed upgrade, giving users manual control over stacking.
Read more »
Google Tests AI-Powered Feature to Tame Annoying Website Pop-Ups in ChromeGoogle is experimenting with PermissionsAI in Chrome Canary, an AI-driven system designed to predict and manage website pop-up requests for location access and notifications.
Read more »
Troubleshooting Chrome Security Update FailuresLearn how to fix common issues preventing Google Chrome security updates from installing successfully.
Read more »
New Google Chrome Security Warning For 3 Billion Users—Act NowGoogle has issued a high-severity security warning for billions of Chrome browser users across Windows, Mac, Linux and Android—don’t ignore it, act now to stay safe.
Read more »
Google Bolsters Chrome Extension Security for BusinessesGoogle introduces new features to enhance Chrome browser extension management for IT administrators, aiming to protect against cyber threats and improve user experience.
Read more »
Google Adds Much-Needed New Google Photos Library FeaturesGoogle Photos now lets you hide content from other apps and customize what you see.
Read more »