A security flaw in Google Chrome allows an attacker to eventually take control of a vulnerable host, and parent company Google recommends that users deploy a patch as soon as possible.
The bug was discovered by the Center for Internet Security, which writes that governments might be the primary target of any potential attack.
The vulnerability requires users to visit a malicious website, at which point an attacker could attempt to run arbitrary code with the final goal of taking control of the device.
“Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” the advisory reads.
“Desktop browser affected, mobile versions secure”
All desktop versions of the browser are affected, including Google Chrome for Windows, Linux, and macOS. Mobile versions of the browser are secure, so users on Android and iOS are not exposed.
Versions prior to 76.0.3809.132 are at risk, according to the advisory, and a patch is already available, with Google recommending its deployment as soon as possible.
The advisory indicates there is a “high” risk for large and medium government entities and large and medium businesses, while the flaw received a “medium” severity rating for small government agencies and small businesses. The vulnerability is rated with a “low” score for home users.
At the time of writing, there are no specifics as to whether the security flaw is being actively exploited by any hacking group.
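To find hosts still below the patched build, the following added example (not from the advisory or from Google) triages an inventory against version 76.0.3809.132 and the platform list given above. The host names, inventory format and function names are assumptions, and the sample records are constructed.

```python
import re

# Fixed build named in the article; anything numerically lower is at risk.
PATCHED = (76, 0, 3809, 132)
# Platforms as described in the article: desktop affected, mobile not exposed.
DESKTOP = {"windows", "linux", "macos"}
MOBILE = {"android", "ios"}

def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 76.0.3809.100'; return None if none is found."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(platform, version_text):
    """Return 'not-affected', 'patched', 'vulnerable' or 'unknown'."""
    platform = platform.lower()
    if platform in MOBILE:
        return "not-affected"
    version = parse_version(version_text)
    if platform not in DESKTOP or version is None:
        return "unknown"  # needs manual review; never treated as a pass
    # Tuple comparison is numeric per component, so build .99 sorts below
    # .132 (a plain string comparison would get this wrong).
    return "patched" if version >= PATCHED else "vulnerable"

# Constructed sample inventory: (hypothetical host, platform, reported version)
INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 76.0.3809.132"),
    ("ws-002", "Linux", "Google Chrome 76.0.3809.99"),
    ("ws-003", "macOS", "Google Chrome 75.0.3770.142"),
    ("mob-01", "Android", "Chrome 76.0.3809.111"),
    ("ws-004", "Windows", "version unavailable"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(platform, text) for host, platform, text in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand, since a missing or unparseable version string says nothing about patch state.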