Google Chrome may be the world's most popular browser, but its vast user base also makes it a prime target for cybercriminals.

Security experts are warning Chrome users to be extra vigilant, as fake browser updates are being used to trick unsuspecting victims into downloading malware.

According to security firm Proofpoint, there has been an increase in so-called 'ClearFake' attacks, where users are lured into clicking fake notifications to update their browsers.

With its 65 per cent share of the desktop browser market, Chrome has a massive bullseye on its back.

Google Chrome users were warned about fake browser updates that trick users into downloading malware. Credit: Proofpoint

So how does it work? The attackers compromise legitimate websites and then plant fake browser update alerts on the site.

When visitors try to access content, a pop-up appears, urging them to download the latest Chrome version. If they click this pop-up, malware is automatically installed in the victim’s device, which can steal personal data.

Researchers from the firm have even seen these fake updates translated into different languages to match the user's browser. And it's not just Chrome being impersonated—Microsoft Edge and Firefox popups have also been reported.

'The fake browser update lures are effective because threat actors are using an end user's security training against them,' Proofpoint Threat Expert Dusty Miller explained.

Essentially, the criminals exploit the standard advice we're given—only update software from trusted sources. By hijacking real sites, the alerts seem authentic.

These attacks are doubly dangerous because they're so convincing. The fake popups use JavaScript code to quietly check details in the background, then overlay the target site with an update prompt.

To the user, it appears to be the same website they intended to visit, suddenly asking them to upgrade to Chrome.

In this way, the attackers undermine our cybersecurity training for their own gain. We've been taught to keep software updated and only to trust notifications from legitimate vendors—so an in-context alert on a website we trust seems valid.

Compromised sites that could trigger such attacks run the gamut from search engines and social networks to news sites and direct website visits. Proofpoint also reported phishing emails circulating with infected links.

So, how can Chrome users protect themselves against these increasingly sophisticated scams?

The number one rule is never to manually update your browser based on website popups or prompts. Google Chrome will take care of updates automatically in the background. You should also double-check the URL of any site asking you to download new software.

If you want peace of mind that your Chrome browser is up to date, follow these steps:

1. Click the Settings icon in the top right corner, represented by three vertical dots.
2. Select 'Settings' from the drop-down menu.
3. Click 'About Chrome' in the left sidebar menu.
4. This will check if Chrome is up to date. If a new version is available, you'll get a prompt to download directly within the browser.

Google Chrome’s latest version can be found in the ‘About Chrome’ section. Credit: Senior Discount Club

As of writing, Google Chrome’s latest version is 118.0.5993.89. Your browser should be automatically updated by Google.

By routinely checking ‘About Chrome’ under your browser Settings, you can safely confirm you're running the latest version.

Staying secure online means being on high alert for cyber scams—even seemingly 'good advice' could be a threat actor exploiting your better judgement.

Be especially wary when prompted to download anything within an existing website.

When in doubt, go directly to the software vendor to verify. Don't let criminals trick you into compromising your most used apps.

Key Takeaways

• Security experts are warning of an increase in fake browser update attacks, tricking users into downloading malicious software.
  
• The latest attack, named ClearFake, sits on infected websites and prompts users to update their browsers, leading to the installation of malware designed to steal personal details.
  
• Browsers like Google Chrome, Microsoft's Edge and Firefox have been targeted, with Chrome being the most attractive due to its large market share.
  
• To update Google Chrome safely, users are advised to navigate through the settings in their existing browser, which will inform them of any available updates without the risk of downloading malware.
  

Have you checked your Google Chrome, members? What do you think of this story? Let us know in the comments below!

 

[Luckyus]

Google Chrome may be the world's most popular browser, but its vast user base also makes it a prime target for cybercriminals.

Security experts are warning Chrome users to be extra vigilant, as fake browser updates are being used to trick unsuspecting victims into downloading malware.

According to security firm Proofpoint, there has been an increase in so-called 'ClearFake' attacks, where users are lured into clicking fake notifications to update their browsers.

With its 65 per cent share of the desktop browser market, Chrome has a massive bullseye on its back.

View attachment 32691

Google Chrome users were warned about fake browser updates that trick users into downloading malware. Credit: Proofpoint

So how does it work? The attackers compromise legitimate websites and then plant fake browser update alerts on the site.

When visitors try to access content, a pop-up appears, urging them to download the latest Chrome version. If they click this pop-up, malware is automatically installed in the victim’s device, which can steal personal data.

Researchers from the firm have even seen these fake updates translated into different languages to match the user's browser. And it's not just Chrome being impersonated—Microsoft Edge and Firefox popups have also been reported.

'The fake browser update lures are effective because threat actors are using an end user's security training against them,' Proofpoint Threat Expert Dusty Miller explained.

Essentially, the criminals exploit the standard advice we're given—only update software from trusted sources. By hijacking real sites, the alerts seem authentic.

These attacks are doubly dangerous because they're so convincing. The fake popups use JavaScript code to quietly check details in the background, then overlay the target site with an update prompt.

To the user, it appears to be the same website they intended to visit, suddenly asking them to upgrade to Chrome.

In this way, the attackers undermine our cybersecurity training for their own gain. We've been taught to keep software updated and only to trust notifications from legitimate vendors—so an in-context alert on a website we trust seems valid.

Compromised sites that could trigger such attacks run the gamut from search engines and social networks to news sites and direct website visits. Proofpoint also reported phishing emails circulating with infected links.

So, how can Chrome users protect themselves against these increasingly sophisticated scams?

The number one rule is never to manually update your browser based on website popups or prompts. Google Chrome will take care of updates automatically in the background. You should also double-check the URL of any site asking you to download new software.

If you want peace of mind that your Chrome browser is up to date, follow these steps:

1. Click the Settings icon in the top right corner, represented by three vertical dots.
2. Select 'Settings' from the drop-down menu.
3. Click 'About Chrome' in the left sidebar menu.
4. This will check if Chrome is up to date. If a new version is available, you'll get a prompt to download directly within the browser.

View attachment 32692

Google Chrome’s latest version can be found in the ‘About Chrome’ section. Credit: Senior Discount Club

As of writing, Google Chrome’s latest version is 118.0.5993.89. Your browser should be automatically updated by Google.

By routinely checking ‘About Chrome’ under your browser Settings, you can safely confirm you're running the latest version.

Staying secure online means being on high alert for cyber scams—even seemingly 'good advice' could be a threat actor exploiting your better judgement.

Be especially wary when prompted to download anything within an existing website.

When in doubt, go directly to the software vendor to verify. Don't let criminals trick you into compromising your most used apps.

Key Takeaways

• Security experts are warning of an increase in fake browser update attacks, tricking users into downloading malicious software.
• The latest attack, named ClearFake, sits on infected websites and prompts users to update their browsers, leading to the installation of malware designed to steal personal details.
• Browsers like Google Chrome, Microsoft's Edge and Firefox have been targeted, with Chrome being the most attractive due to its large market share.
• To update Google Chrome safely, users are advised to navigate through the settings in their existing browser, which will inform them of any available updates without the risk of downloading malware.

Have you checked your Google Chrome, members? What do you think of this story? Let us know in the comments below!

Think I'll go back to pen and paper.