By Thom Langford, Security Advocate at SentinelOne
Google's official announcement in mid-June reveals only a few details, and the vulnerability is actually already patched – a browser running version 91.0.4472.114 is already updated and can, according to Google, be used safely.
However, there are two problems that arise from this situation. First, about two billion devices use the Google Chrome browser, so the probability that every one of them will be patched is small. Depending on how the vulnerability can be exploited, there could be a huge number of computers and other devices that could be compromised at any time using malware.
So-called zero-day exploits involve previously unknown vulnerabilities in software code, which cybercriminals can exploit unnoticed for their activities if they discover the vulnerability before the manufacturer does. According to Google, this seems to have been the case here. Often, by the time these vulnerabilities become known, patches are already publicly available to close the gap. Since the full details of the zero day are not known, it could be a vulnerability that has little to no impact in practice. Most of what we'll hear about this is the original Google blog post and reactions to the incident.
In fact, users who maintain even a basic level of cyber hygiene on their computers and regularly patch them to new versions should be more concerned about what Google does with their data.