With Google Chrome being one of the most popular web browsers out there, it’s no surprise that attackers want to target it and take advantage of its users. However, up until recently, there have not been very many zero-day threats associated with Chrome. Zero-day threats are attacks that have never been seen before, exploiting a new and previously unknown vulnerability. We want to remind you that it’s not always a bad thing when vulnerabilities are discovered in a browser or web application; in fact, it can actually be indicative of good monitoring practices.
For some context, let’s examine Google Chrome’s history with these zero-day threats, or rather, lack thereof. From 2015 to 2018, there were no zero-day exploits actively used against Google Chrome, but the numbers have since increased. 2020 saw 14 zero-day threats, half of which were used against Google Chrome. 2021 saw an even greater number, with Google Project Zero’s tracking system identifying 25 zero-day threats, 14 of which affected Google Chrome.
While this might seem like a problem at first glance, the fact that vulnerabilities were not discovered before does not mean that they didn’t exist between 2015 and 2018. All it means is that most of them are getting caught and fixed now instead of flying under the radar, and this is a good thing.
Why do experts think that zero-day threats are being discovered more often in Chrome? The reasons, according to Adrian Taylor of Google Chrome’s Security Team, are as follows:
You can apply this idea to your business’ security infrastructure, too. After all, if you are not currently suffering from security problems, that doesn’t mean they don’t exist. We recommend that you take a close look at your security infrastructure and ensure that you are doing all you can to keep your business safe.
Plus, you will need to make sure that you are appropriately patching your systems as threats are discovered. No software solution will be immune to threats, so you should be addressing vulnerabilities as they appear; it sure beats doing it after a data breach.
To this end, iTSTL can help. To learn more, reach out to us at (314)828-1234.