Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims.

Researcher this campaign has now expanded to also target those who speak Korean, Spanish, and Japanese. Additionally, Bleeping Computer notes that some of the affected sites include news, stores, and adult portals. The attackers are likely to be primarily targeting sites based on vulnerability rather than content served. As a result, it’s difficult to predict where these bogus updates will appear next.

How the fake update attack works

Once a website is compromised, malicious JavaScript runs a script when an unsuspecting visitor lands on the page. If you’re deemed to be an “acceptable” target for the attack, then more scripts are downloaded and a fake update lies in your immediate future.

Potential victims are shown what appears to be a genuine web browser error of some sort, from inside the browser window. It says:

UPDATE EXCEPTION

An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update.

ERR_INSTALL_INTERRUPT