Google has warned that owners of PC’s runningt Windows 7 which is an OS still popular with retailers are at risk from a “serious” bug that could let malicious hackers take over their computer,.
The big search Company and arch Microsfot rival has warned that online thieves are “actively exploiting” the vulnerability by combining it with a separate flaw found in the Chrome browser.
Google has issued an update for its Chrome web browser to close the loophole they claim to have seen evidence that criminal hackers had found a way to make attack code jump from Chrome into other applications to help them compromise a machine.
Microsoft is still working on the problem with insiders tipping that the fix will be wrapped around a marketing campaign to get Windows 7 users to upgrade to a paid Windows 10 offering.
The Windows flaw exists in core elements of the operating system that are supposed to stop data in one program interacting with anything outside that application.
A patch has been produced for Chrome and users should ensure that they have updated their browser to close the loophole, said Google engineer Justin Schuh.
“Seriously, update your Chrome installs… like right this minute,” he tweeted.
The serious nature of the flaw in Chrome meant the software had to be shut down and re-started for the patch to take effect, he added.
“To date, we have only observed active exploitation against Windows 7 32-bit systems,” wrote Clement Lecigne from Google’s threat analysis group in a blog exploring the flaw.
One way to avoid falling victim was to upgrade to Windows 10, said Mr Lecigne.
Microsoft has not given a date for when its patch for Windows 7 will be released, but said it would be “as soon as possible”. Millions of machines still run Windows 7 despite it being almost 10 years old.
Writing on the Sophos security blog, Paul Ducklin said: “There doesn’t seem to be a workaround, but if you make sure you’re up-to-date, you don’t need one because the bug will be squashed.”