SANS ISC shares an awareness that attacks using “Fake Browser updates” continue to circulate & are so realistic they can deceive even experienced users.  These attacks when successful can implant malware or listening agents to gleam personal information from users.  Updates to browsers are usually most silent in nature (or when notified use well established safe procedures like “help/about” update techniques within browser itself

SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware.  Although this activity has continued into 2020, I hadn’t run across an example until this week.