Thousands of Google employees joined a coordinated worldwide walkout in 2018 to protest the US tech giant's handling of sexual harassment
Thousands of Google employees joined a coordinated worldwide walkout in 2018 to protest the US tech giant's handling of sexual harassment AFP / Lionel BONAVENTURE

Google Chrome users may not be aware of it, but hackers could be downloading malware to their computers and taking full control of their devices. The zero-day vulnerability could be invading their system without resistance.

How Does the Zero-Day Vulnerability Invade Google Chrome Devices?

Kaspersky recently declared that they have discovered a zero-day vulnerability called the Operation WizardOpium. The said bug can lead to the Google Chrome powered device completely controlled by hackers. What’s worse is that hackers could even download malware directly to the users’ device.

The attackers first launched the bug on a Korean news website. The visitors of the said site unknowingly open a door for a third-party site to load a certain script. The said script then begins checking on the device and invading once it finds the computer conducive for a malware attack.

Who Are Vulnerable to Operation WizardOpium?

The attackers designed the Operation WizardOpium to target only those devices running on Google Chrome versions 65 up to the most recent releases, according to Kaspersky. Users whose devices are running on older versions of Chrome are completely free from the risk.

The vulnerability automatically checks the Chrome version installed on the device under attack. If it detects the versions older than version 65, the bug operation ends right then there.

However, if upon checking and the bug identifies the device to be running on Chrome 76 or Chrome 77, Operation WizardOpium will execute its next task. The bug will then run a code to download and launch a malware attack against the target device.

What Does Google Have To Say?

Kaspersky already informed Google about the problem according to their statement. Google on the other hand positively responded to the issue by releasing a fix; Chrome version 78.0.3904.87.

How Do We Get The Fix?

Since the Chrome version 78.0.3904.87 is not automatically downloaded and installed, users who wish to be free from the Operation WizardOpium must download the said fix. The solution, on the other hand, is available devices powered by macOS, Linux and Windows.

Kaspersky suggests that all Google Chrome users must have their devices patched now or be subject to a zero-day vulnerability later and be sorry.