Are Chrome’s Zero-Day Threats Actually a Good Thing?
With Google Chrome being one of the most popular web browsers out there, it’s no surprise that threats want to target it and take advantage of its users. However, up until recently, there have not been very many zero-day threats associated with Chrome. Zero-day threats are attacks that have never been seen before, affecting a new and previously unknown vulnerability. We want to remind you that it’s not always a bad thing when vulnerabilities are discovered in a browser or web application—in fact, it can actually be indicative of good monitoring practices.
Google Chrome’s History with Zero-Day Threats
For some context, let’s examine Google Chrome’s history with these zero-day threats, or rather, lack thereof. From the years of 2015 to 2018, there were no zero-day exploits actively used against Google Chrome, but the numbers have since increased over time. 2020 saw 14 zero-day threats, half of which were used against Google Chrome. 2021 saw an even greater number, with Google Project Zero’s tracking system identifying 25 zero-day threats, 14 of which belonged to Google Chrome.
While this might seem like a problem at first glance, the fact that vulnerabilities were not discovered before does not mean that they didn’t exist between 2015-2018. All it means is that most of them are getting caught and fixed now instead of flying under the radar, and this is a good thing.
Why Are There More Zero-Day Threats Now?
Why do experts think that zero-day threats are being discovered more often in Chrome? The reasons, according to Adrian Taylor of Google Chrome’s Security Team, are as follows:
- Greater transparency between browser developers: Google Project Zero gives developers 90 days to fix the vulnerability before disclosing it, so if not, the public will eventually learn of it.
- The end of support for Adobe Flash Player: Adobe was a popular mode of attack, but it has since left hackers with their only option being to attack the browser directly.
- An increase in bugs required to attack the browser: There are more layers to break through, so more bugs are required, leading to more vulnerabilities to discover.
- Browsers are more complex: With more complexity comes more bugs, and web browsers are no exception to this rule.
You can apply this idea to your business’ security infrastructure, too. After all, if you are not currently suffering from security problems, that doesn’t mean they don’t exist. We recommend that you take a close look at your security infrastructure and ensure that you are doing all you can to keep your business safe.
Plus, you will need to make sure that you are appropriately patching your systems as threats are discovered. No software solution will be immune to threats, so you should be addressing vulnerabilities as they appear; it sure beats doing it after a data breach.
To this end, Indevtech can help. To learn more, reach out to us at (808) 529-4605.