Google Chrome, Microsoft Edge Flaws Leave Open to Attack Billions

Billions of Internet users are under threat of cyber attacks due to a security flaw affecting Chromium-based web browsers on Windows, Mac, and Android, including Google Chrome and Microsoft Edge.

Gal Weizman, a security researcher at PerimeterX, disclosed a vulnerability that allows attackers to circumvent the content security policies (CSPs) of various websites.

Circumventing the CSP means that an attacker can access user data or insert malicious code into a website on a vulnerable browser.

Weizman explained in a blog post that the flaw would allow hackers to "completely bypass Chrome's version 73 (March 2019) through 83 (July 2020) CSP rules".

He said: "To better understand the magnitude of this vulnerability: there are billions of potentially affected users. Chrome has over 2 billion users, accounting for over 65% of the browser market, on the one hand; on the other hand, some of the most popular sites on the web are vulnerable."

Weizman further explained that CSPs are "the primary method used by website owners to enforce their data security policies to prevent the execution of malicious shadow code on their websites, so when browser enforcement is bypassed, personal user data is exposed."

Essentially, CSPs allow domain administrators to specify which other domains can serve executable scripts on their web pages. This is an effective way to block cross-site scripting and other common browser-based attacks.
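The allowlisting a CSP `script-src` directive performs, as an added example that is not part of the original article or of PerimeterX's research: a small evaluator that reports whether a given script URL is permitted by a policy header, so a site owner can check what their own policy lets through. The header and URLs are constructed for illustration.

```python
"""Decide whether a script URL is permitted by a CSP script-src directive.

Added example (not the article's code): applies CSP host-source matching for
'none', 'self', scheme sources and host sources (wildcard subdomains, explicit
ports, path prefixes). Nonces, hashes and 'unsafe-inline' are out of scope.
"""
from urllib.parse import urlsplit


def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def _source_allows(source: str, page: str, script: str) -> bool:
    page_u, script_u = urlsplit(page), urlsplit(script)
    src = source.strip("'").lower()
    if src == "none":
        return False
    if src == "self":                         # same scheme, host and port as the page
        return (script_u.scheme, script_u.netloc) == (page_u.scheme, page_u.netloc)
    if src.endswith(":") and "/" not in src:  # scheme source such as "https:"
        return script_u.scheme == src[:-1]
    src_u = urlsplit(src if "://" in src else "//" + src)
    if src_u.scheme and script_u.scheme != src_u.scheme:
        return False
    if not src_u.scheme and script_u.scheme not in (page_u.scheme, "https"):
        return False                          # schemeless host: page scheme or https
    host = src_u.hostname or ""
    if host.startswith("*"):                  # "*" or "*.example.com"
        if not script_u.hostname.endswith(host[1:]):
            return False
    elif host != script_u.hostname:
        return False
    if src_u.port is not None and src_u.port != script_u.port:
        return False                          # an explicit port must match exactly
    if src_u.path.endswith("/"):              # trailing slash: path prefix match
        return script_u.path.startswith(src_u.path)
    return not src_u.path or script_u.path == src_u.path


def script_allowed(header: str, page_url: str, script_url: str) -> bool:
    """True if script-src (falling back to default-src) permits script_url."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True                           # no directive: the browser does not restrict
    return any(_source_allows(s, page_url, script_url) for s in sources)
```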

However, because of this flaw, users of high-profile websites such as Facebook, Wells Fargo, Gmail, Zoom, TikTok, Instagram, WhatsApp, Investopedia, ESPN, Roblox, Indeed, Blogger, and Quora are at risk of cyber attacks.

If hackers wanted to take advantage of this problem, they would first have to break into the target website's servers, make changes to the JavaScript of its web pages, and insert malicious code.

Weizman added, "In addition to the above sites (representing over 25 billion users), thousands of websites across industries including e-commerce, banking, telecommunications, government, and utilities, which were thought to be safe, were left unprotected from a scenario in which hackers successfully injected malicious code."

The flaw was fixed in Chromium 84, released on July 14; if you have not yet updated your Chromium-based browser, do so now.

Click the menu icon in the upper right corner of the browser window, scroll to the "Help" section, hover your cursor over it, and select "About" from the slide-out menu (some browsers have a separate "About" section). You will then be prompted to update your browser.

In addition to Brave, Chrome, Edge, Opera, and Vivaldi, Chromium-based browsers include Amazon Silk and the Yandex browser.

Jake Moore, a security specialist at ESET, told Tom's Guide, "It's important to make it as difficult as possible for threat actors to break into our accounts and steal our information. As with most thefts, criminals first target those with minimal security or low awareness."

"Using unique, strong passwords and making sure your browser is up to date will help mitigate many such attacks," Moore recommends.

"Protecting yourself with password generators for all your accounts makes it much harder for hackers to break in through brute force."