- Google again reveals the latest security threats rated ‘High’ in its Chrome web browser — with vulnerabilities affecting users across all major operating systems
- Experts reckon that it’s far too easy for hackers to keep exploiting insidious zero-days, as firms are not doing a good job of permanently shutting down flaws and loopholes
Chrome security has been compromised for the third time this month, and all 2.65 billion users were told to be on high alert after Google confirmed multiple new high-level hacks of the browser. The alert came on the heels of Chrome’s 12th and 13th recorded ‘zero day’ exploits of the year.
To top it off, four other serious vulnerabilities were reported less than two weeks ago. The most recent alert, per Google’s latest blog post, involved five vulnerabilities rated ‘High’, alongside 11 other flaws. The search engine behemoth’s standard practice in such scenarios is to restrict information about new hacks, buying time for Chrome users to upgrade.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” is the company’s default stance each time there is a hack.
Hackers are infiltrating Google Chrome too often
The saga of never-ending zero-day hacks is emblematic of a much bigger problem in cybersecurity, according to research from Maddie Stone, a security researcher at Google. “It’s far too easy for hackers to keep exploiting insidious zero-days because companies are not doing a good job of permanently shutting down flaws and loopholes,” she said.
Stone is also a part of Project Zero, a Google security team. In her research, she spotlights multiple examples of this in action, including problems that Google itself has had with its uber-popular Chrome web browser.
She reckons that across the industry, “Incomplete patches are making it easier for attackers to exploit users with zero-days. We’re not requiring attackers to come up with all new bug…