Skip to main content

Chrome security flaw could leave all users at risk

(Image credit: Image Credit: Earl Jeffson / Flickr)

A new vulnerability has been discovered in Google Chrome, which could potentially put more than half of all internet users at risk.

Imperva’s security researcher Ron Masas said he had found a flaw in all browsers running the Blink engine, which includes Chrome and Opera. And that amounts to more than 58 per cent of the entire internet population.

Apparently, the flaw uses “side channel methodology” and abuses filtering functions in websites. That can allow hackers access to private information from users.

Here’s how the researcher explains it:

“The bug in question makes use of the Audio/Video HTML tags to generate requests to a target resource.

By monitoring the progress events generated by these requests, it grants visibility into the requested resource’s actual size. As we found out, this information can then be used to “ask” a series of yes and no questions about the browser user, by abusing filtering functions available on social media platforms like Facebook.”

Google was notified of the flaw and patched it in its Chrome 68 release, so if you’re using Chrome, you might want to check which version you have, and update accordingly.  

“The flaw we discovered could have serious implications to Google Chrome users as it puts their personal data at risk of being accessed by those with malicious intent. Attackers could establish the exact age or gender of a person, as it is saved on Facebook, regardless of their privacy settings. We reported the vulnerability to Google as soon as we had a clear understanding of its impact and the Chrome team has since responded with a patch for its users,” said Ron Masas, security researcher at Imperva.

The full blog post can be found on this link (opens in new tab).

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.