Security experts have discovered a fake web certificate for Google websites doing the rounds in the wild.
The fraudulent web certificate for Google.com allows hackers to impersonate Google websites like Gmail.
According to The Register, the fake SSL certificate has been issued by DigiNotar; a Netherlands based digital certificates company.
The certificate is valid for *.google.com, allowing hackers to attack Google users who visit web pages on networks controlled by the hackers, The Register explains. The SSL certificates are used to prove that the website users are visiting are genuine and not fraudulent.
The certificates came into light when a Google user from Iran got a warning from his Chrome web browser about the certificate being a fake.
“A Chrome security feature warned the user of the invalid certificate and blocked them from visiting the attacker's site. We're pleased that the security measures in Chrome protected the user and brought this attack to the public's attention. While we investigate, we plan to block any sites whose certificates were signed by DigiNotar,” Google said in a statement, CNET reports.
"I expect this type of attack to become somewhat commonplace in time," said Roel Schouwenberg, senior researcher at Kaspersky Lab.