How Google is addressing Chrome’s big security loophole


Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

As of Wednesday, the brand has rolled out Google Chrome 116, which includes the new schedule. Chrome's security updates, previously bi-weekly, will now arrive weekly.

With the open-source nature of Chromium, anyone is able to access the Chrome browser source code, “submit changes for review, and see the changes made by anyone else, even security bug fixes,” Google said on its security blog.

Typically, community members from Google’s Canary and Beta channels notify the brand of various issues of stability, compatibility, or performance that can be addressed before stable updates are sent to the public. This openness is double-edged, however, as bad actors have the same access as good-faith users, which gives them real-time details on vulnerabilities before updates are deployed to a wide range of public users. Taking advantage of a flaw in that window is called n-day exploitation.

This is why Google hopes shortening the time between security updates can assist in deterring nefarious users from gaining information about vulnerabilities in Chromium code. Usually, the time between security updates is used for testing prior to a public release. Google first observed this to be an issue in 2020 when its patch gap between updates was approximately 35 days. It then shifted to a biweekly update schedule with the release of Chrome 77.

The brand noted this latest schedule still won’t deter all n-day exploits but can minimize them further. In practice, more frequent security updates offer less time for bad actors to exploit flaws that require detailed paths and more development time. Over time, there is also the likelihood that bad actors will find ways to create faster exploits.

There is also the possibility that the interval between security updates could eventually shorten even further, with patches being deployed as soon as they’re available.

Google stated it now…


Google Scrambles to Fix Chrome’s Second Zero-Day Exploit in Just Days!


Google Chrome Users Beware: Zero-Day Vulnerability Exploited | Update NOW!

In a shocking development, Google has rushed to release an emergency fix for yet another high-severity zero-day exploit in its Chrome web browser. The flaw, known as CVE-2023-2136, is a result of an integer overflow in Skia, an open source 2D graphics library, which was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) on April 12, 2023.

Double Trouble: A Second Zero-Day Exploit

This is the second Chrome zero-day vulnerability exploited by malicious actors this year, coming hot on the heels of Google patching CVE-2023-2033 just last week. It remains unclear whether the two exploits have been used in tandem as part of in-the-wild attacks.

Patch it up, Folks!

Google has urged users to upgrade their browsers to version 112.0.5615.137/138 for Windows, 112.0.5615.137 for macOS, and 112.0.5615.165 for Linux in order to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they become available.
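An added example, not part of the article or any Google tooling: a fleet check that compares installed Chrome builds with the fixed versions quoted above. The inventory rows and host names are constructed, and the function names are hypothetical.

```python
# Minimum fixed build per platform, as quoted in the article.
# Windows shipped as .137/.138; the lower build is the threshold.
FIXED = {
    "windows": "112.0.5615.137",
    "macos": "112.0.5615.137",
    "linux": "112.0.5615.165",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform, version):
    """True if version is at or above the fixed build for platform."""
    minimum = FIXED.get(platform.lower())
    if minimum is None:
        raise KeyError(f"no fixed build listed for {platform!r}")
    # Compare as integer tuples: as strings, ".99" sorts above ".137".
    return parse_version(version) >= parse_version(minimum)

def audit(inventory):
    """Return (host, reason) for every host that needs attention."""
    findings = []
    for host, platform, version in inventory:
        try:
            if not is_patched(platform, version):
                findings.append((host, "below fixed build"))
        except (ValueError, KeyError):
            # Unknown platform or unparseable version: report, never pass.
            findings.append((host, "unverified"))
    return findings

# Constructed inventory: host names and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "112.0.5615.138"),
    ("ws-002", "windows", "112.0.5615.99"),   # string compare would pass this
    ("mac-01", "macos", "112.0.5615.137"),
    ("lnx-01", "linux", "112.0.5615.137"),    # fixed on macOS, not on Linux
    ("lnx-02", "linux", "113.0.0.0"),
    ("kiosk-9", "chromeos", "112.0.5615.165"),
    ("ws-003", "windows", "112.0.5615"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}\t{reason}")
```

Edge, Brave, Opera and Vivaldi use their own version numbering, so these thresholds apply to Chrome itself only.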

Act Now or Regret Later!

In light of these alarming events, it’s crucial for users to stay vigilant and take action by updating their browsers to the latest versions. Don’t let your digital lives fall into the hands of cunning cybercriminals. Stay one step ahead and protect your online presence!


How to Use Google Chrome’s Enhanced Safety Mode


As soon as you dip a virtual toe in the online waters, you’re exposing yourself to danger, whether from suspicious links, dodgy downloads, data harvesters, or something else. The good news is that our web browsers have evolved to become more secure and savvy.

If Google Chrome is your browser of choice, you have access to an Enhanced Safe Browsing mode, which you might not be aware of: It’s essentially what it sounds like, an extra layer of protection that you’re able to switch on if you want to be as cautious as possible.

Why wouldn’t it be on by default? Well, when it’s on, you’ll share more data with Google about where you go and what you do online—data that Google says is only kept temporarily before being anonymized, but you can’t be blamed for feeling like you’ve already given Google enough data as it is.

How Enhanced Safe Browsing Works

Enhanced Safe Browsing is for “users who require or want a more advanced level of security while browsing the web,” Google says. For example, it uses what Google knows about past security issues to preemptively block new security threats that might not have been cataloged yet.

More checks will be carried out on extensions you install and downloads you initiate. You’ll get the option to send files flagged as suspicious to Google for further inspection if you’re not sure about them. This might mean waiting a little longer to install something, but this extra caution reduces the risk of getting caught out by malware.

The Enhanced Safe Browsing mode works on top of the security measures already built into Chrome. For example, as standard, the browser checks sites you visit against a list of URLs known to be dangerous—a list that’s updated every 30 minutes. Turn on the additional security protections, and Chrome uses machine learning models to recognize bad sites even if they’re not on the latest list.

Google says Enhanced Safe Browsing is also better able to thwart hacking attempts against your Google account by monitoring a broader range of signals. By default, it’ll also check to see if your email addresses and passwords are included in any data breaches leaked out on the…
