Google Chrome is a widely used and popular web browser, and because of its popularity, it is a common target for hackers. A recent study showcases how there are more zero-day threats being discovered for Google Chrome, but don’t despair; it might not be a bad thing for your favorite web browser. Instead, it could signify exactly the opposite.
Google Chrome’s History with Zero-Day Threats
For a little bit of context, let’s take a look at the numbers associated with zero-day threats and Google Chrome. Between the years of 2015 and 2018, there were no zero-day exploits in the wild, but the numbers have gradually increased over the years. 2020 saw 14 zero-day exploits in the wild, half of which targeted Google Chrome. 2021 saw even greater numbers, with Google Project Zero’s tracking system finding 25 zero-day threats exploited in the wild, with 14 of them targeting Google Chrome.
Simply put, the lack of attacks in the past does not signify that there were not any vulnerabilities during the years of 2015-2018. It just means that more of them are getting caught and fixed now, which should be interpreted as a good thing.
Why Are There More Zero-Day Threats Now?
So, what are the reasons experts believe more zero-day threats are being discovered for Chrome? Let’s take a look at what the reasons are, as outlined by Adrian Taylor of Google Chrome’s Security Team:
- Greater transparency between browser developers: Google Project Zero gives developers 90 days to fix a vulnerability before disclosing it, so even if it is not fixed, the public will eventually learn of it.
- The end of support for Adobe Flash Player: Adobe Flash Player was a popular mode of attack, but its end of support has left hackers with only one option: attacking the browser directly.
- An increase in bugs required to attack the browser: There are more layers to break through, so more bugs are required, leading to more vulnerabilities to discover.
- Browsers are more complex: With more complexity comes more bugs, and web browsers are no exception to this rule.
On a similar note, just because you are not currently experiencing any security problems with your business’s IT does not mean that there are no serious problems with your current security infrastructure. We recommend that you take a deep dive into your security and ensure that you are doing all that you can to protect your business from the countless threats out there, known and unknown.
Furthermore, you should always be patching your systems as threats are discovered. Unfortunately, no software solution is perfect, so you might be addressing problems periodically throughout the software’s life cycle. Be sure to address these vulnerabilities before you are addressing a data breach.
Nexela can help with this effort. To learn more about how we can perform a comprehensive security audit and patch your system’s vulnerabilities, reach out to us at (215) 525-3223.