Google recently gave Chrome users a reason to quit its browser altogether, but the millions who inevitably choose to stay now need to react quickly to a serious new upgrade warning.
02/26 Update: today ZDNet has revealed another crucial upgrade in Google’s new Chrome 80 release: a switch to the AES-256 algorithm to hash passwords stored locally inside Chrome’s internal SQLite database. This severely impacts the ability of hackers to extract passwords from the browser, and ZDNet reports that black markets are already running out of hacked data to sell as a result. Needless to say, when one door closes, cyber criminals will look to open another but, for now, Chrome 80 can chalk up an important win, making this upgrade even more important.
This switch to AES-256 has resulted in Chrome-saved passwords having a different format than they had before. Albeit tiny inside Chrome’s huge codebase, this small change has crippled AZORult’s ability to extract passwords from Chrome browsers.
In response, Google has released Chrome 80.0.3987.122 with patches for all three exploits, and users around the world should be receiving update warnings in their browsers right now. If you haven’t, you can trigger the update process manually by going to the three-dot menu in the top right corner of Chrome > Help > About Google Chrome.
This is Chrome’s third zero-day vulnerability in a year (a relatively low number), but when they come they need to be taken seriously. As such, if you are the type of person who typically ignores Chrome’s nagging when updates come along, today is a day you really need to pay attention.
So kudos to Google for reacting quickly, but if you’re reading this article in Chrome you now need to do the same.