Google Chrome is currently facing a serious security threat due to a zero-day exploit identified as CVE-2024-7971. While the number of affected users has not been disclosed, Microsoft has reportedly notified those who have been “targeted and compromised.”
The National Information Technology Development Agency (NITDA), through its Emergency Readiness and Response Team (CERRT), has issued a public alert regarding this vulnerability.
NITDA has advised all Chrome users to update their browsers immediately. This includes users of Chromium-based browsers such as Brave, Microsoft Edge, Opera, and Vivaldi. Keeping browsers updated is crucial to avoid falling victim to this exploit, which attackers are currently using to target online users.
The identified vulnerability is a type confusion flaw in Chrome’s V8 JavaScript engine, responsible for handling JavaScript files. NITDA warns that this flaw could enable attackers to execute harmful programs on devices that haven’t been updated. By exploiting this weakness, attackers could potentially take full control of affected systems.
NITDA explained that the flaw allows memory corruption due to data type misinterpretation, which attackers can use to bypass security protocols, execute malicious code, or even cause system crashes. The risk is particularly high because the vulnerability can be triggered simply by visiting a malicious website.
In addition to CVE-2024-7971, another vulnerability, CVE-2024-7965, has also been reported under active exploitation. A North Korean hacking group known as Citrine Sleet, notorious for targeting financial institutions and cryptocurrency users, is believed to be behind the Chrome hacks.
Cyberattacks are on the rise globally, and their impacts can be devastating. These attacks not only compromise critical information but also cause financial losses. In April 2024, Flutterwave, a Nigerian fintech company, lost ₦11 billion due to a security breach where perpetrators illegally transferred the funds in small amounts to avoid detection.
To tackle the growing cybersecurity threats in Nigeria, NITDA has announced plans to collaborate with the Chartered Institute of Forensic and Certified Fraud Investigators of Nigeria (CIFCFIN) to launch a cybersecurity lab in 2024, aimed at strengthening the country’s digital security infrastructure.