Google Releases Critical Chrome Security Update – 16 Million Medical Scans Found Online with No Cyber Security – Credit Cards Hacked from City Web Portals
Google Releases Critical Chrome Security Update
An update to the Chrome web browser this week patches a critical cyber security vulnerability. The update to Chrome’s stable channel for Windows, Mac, and Linux brings the desktop version of Chrome to 77.0.3865.90.
The update began rolling out to users worldwide on Wednesday, 18 September 2019. Once users have had time to patch the majority of machines, Google will release more details about the four vulnerabilities.
Chrome version 77.0.3865.90 patches one critical and three high-risk security vulnerabilities. The critical vulnerability could allow hackers to remotely control a machine.
Chrome Web Browser Vulnerabilities
- Critical CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani on 2019-09-05
- High CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-20
- High CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28
- High CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon Tiszka on 2019-09-02
Chrome notifies users of queued updates. For machines that are set to update automatically, Chrome will update to version 77.0.3865.90 as soon as the patch rolls out to them.
How to Update Chrome Manually
- Open Chrome web browser
- Tap the three dots in the upper right corner of the Chrome window
- Select Help from the menu
- Select About Google
16 Million Medical Scans Found Online with No Cyber Security
Medical images of millions of people were found online by cyber security researchers at ProPublica. The exposed records belong to five million patients in the U.S. and millions more worldwide. About sixteen million images were found altogether. The highly personal information was accessible using commonly available software or a web browser.
Even more concerning is that the records also contained the identity of the patient as well as corresponding private information including birthdate, physician information, and medical procedures received.
About 187 web servers used to store patient medical data were found by ProPublica and the German broadcaster Bayerischer Rundfunk to be unprotected by passwords or basic cyber security protocols.
The data and images are from medical imaging tests used in doctors’ offices, medical-imaging centers, and mobile X-ray services. The diagnostic images include X-rays, MRIs, CT scans as well as others. Anyone with an internet connection and basic computer skills could access the information.
Credit Cards Hacked from City Payment App
Over 20,000 payment card records were hacked from Click2Gov payment portals in eight U.S. cities spanning five states. For some cities, this is the second time they’ve been hacked in two years. The credit card numbers were already found for sale on the dark web.
Click2Gov was developed by CentralSquare Technologies, and gives municipalities the technology to let people pay utility bills, parking tickets, and other municipal services online.
According to CentralSquare, the vulnerability is patched.
Click2Gov Data Breaches History
This is a second round of cyber attacks for Click2Gov.
In 2018, over 48 municipalities reported hacked Click2Gov payment portals. During that round of cyber attacks, CentralSquare Technologies stated that only self-hosted software was hacked.
As of December 2018, over 300,000 Card Not Present payment cards were for sale on the dark web. In other words, hackers did not need to have the physical card to complete a transaction. Additional data breaches were reported through March 2019.
In this second round of cyber attacks on Click2Gov payment portals, researchers found 20,000 more payment card records on the dark web. The credit cards are connected to eight cities in five states, all of which are using Click2Gov. Six of the cities were part of the group that was hacked last year.