- Google Chrome is said to be under attack via a zero-day exploit, and although the exact number of users affected has not been disclosed, those "targeted and compromised" have reportedly been notified by Microsoft.
- The National Information Technology Development Agency (NITDA), through its Emergency Readiness and Response Team (CERRT), alerted the public to the identified security vulnerability, tagged CVE-2024-7971, saying it is being actively exploited by attackers to target online users.
- Google Chrome users are therefore advised to update to the latest version immediately, applying the update as soon as it is available.
Additionally, users of Chromium-based browsers such as Brave, Microsoft Edge, Opera, and Vivaldi are also advised to apply the necessary updates as soon as they become available.
The identified vulnerability is classified as a type confusion flaw in Chrome’s V8 JavaScript engine, related to how Chrome handles JavaScript files. According to NITDA, this flaw could allow attackers to run harmful programs on devices that have not been updated.
“The vulnerability enables attackers to potentially take full control of affected systems by exploiting memory corruption caused by misinterpretation of data types.”
“This could allow attackers to bypass security protocols and measures, execute malicious code, and even cause system crashes. The vulnerability is particularly dangerous because it can be triggered simply by visiting a malicious site,” NITDA explained.
Aside from CVE-2024-7971, which was under active exploitation, a second vulnerability, CVE-2024-7965, had also come under attack.
According to Forbes, a North Korean hacking group called Citrine Sleet, known for targeting financial institutions and cryptocurrency users, is behind the Chrome hack.
Cyberattacks are on the rise, and can lead to breaches that not only compromise critical information but also result in financial losses for affected entities.
In April 2024, Flutterwave lost ₦11 billion ($7.2 million) in a security breach, during which the perpetrators illegally transferred the funds to several accounts in small amounts that would not trigger fraud checks.
Efforts to tackle cybersecurity in Nigeria include NITDA’s plan, announced in July 2023, to collaborate with the Chartered Institute of Forensic and Certified Fraud Investigators of Nigeria (CIFCFIN) to launch a cybersecurity lab in 2024.
In May 2024, the Lagos State Government also announced the launch of a Cybersecurity Operations Centre (CSOC) to enhance digital safety and protect the state’s infrastructure from cyber threats.