We realize that it’s one thing for us to tell you how important it is to update your software. After all, we’re tech guys, so we worry about that kind of thing all the time. Hopefully, it’s quite another matter when Homeland Security does it, which is why we’re really hoping that you take heed of this warning and update Google Chrome.
So far this month, there have been no fewer than five vulnerabilities patched in the Chrome web browser, all of which have been zero-day threats.
A zero-day threat is one that attackers have begun to leverage before a software developer or security researcher has managed to identify it. As a result, the attacker using a zero-day attack has the advantage of an early start, leaving the vendor playing catch-up. This makes zero-day threats particularly dangerous to begin with.
What’s worse, the last two zero-day threats that influence Chrome have been deemed to be high severity attacks. While the full details of these threats have not yet been released to the public, we do know that CISA—the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency—has stated that the vulnerabilities these threats are composed of could enable an attacker to take over an affected system. One of them, tied to a JavaScript engine, would most likely be used in a phishing attack, while the other is more likely to be a corruption vulnerability in one of Chrome’s features.
Regardless, these vulnerabilities have already been spotted in active use, and so CISA is also encouraging users to apply the updates that Google has released to resolve these issues.
Let me ask you this: if the front door of your business suddenly couldn’t be locked properly, would you just leave it like that and hope for the best, or would you fix it immediately?
Either one of these vulnerabilities are akin to the broken lock, and too many users unwittingly elect to take the first option. For instance, when Google mitigated one of these vulnerabilities with an update, only half of Android users updated their version of Chrome within a day. Whether this is simply negligence or the use of an out-of-date device, it leaves serious vulnerabilities open to attack.
As a managed service provider, The Connection, Inc is here to help. Part of our service is to ensure that these kinds of patches and fixes are applied in an appropriately timely manner. If you need assistance with securing your business’ IT or with any other aspect of your technology management, reach out to us to find out what we can do for you. Call (732) 291-5938 today.
Comments