Published: October 18, 2021 in our Security Fraud News & Alerts Newsletter.
Nearly 2.6 billion users worldwide use Google Chrome as their browser of choice, and until recently they had been exposed to 12 zero-day exploits so far this year. Google has now added two more zero-day flaws to the list, urging its fans to apply the available security patches PDQ. In the past year alone, the Chrome browser has experienced a total of 14 zero-day flaws, a new record for the browser behemoth. Chrome’s share of users in the U.S. is currently more than 46%, nearly half of all browser use. These latest findings come on the heels of other zero-days recently reported by Microsoft Windows.
Zero-day exploits are security flaws hackers can immediately use for cyberattacks for as long as the flaws remain undetected. Until a flaw is detected, developers have no idea it exists, usually until long after the damage has been done to users. Of these latest two, Google ranks one as high-severity (CVE-2021-37975) and the other as medium-severity (CVE-2021-37976).
Google says these latest zero-days have been exploited in the wild, making them the fourth and fifth actively exploited zero-days it has patched in one month alone. It’s believed the two may be linked together as an exploit chain used to execute arbitrary code, an effective way to take over and control a device.
Zero-Day Attacks On The Rise
According to an MIT (Massachusetts Institute of Technology) study, zero-day flaws are becoming a serious concern. MIT finds more than 66 zero-days have already been discovered this year, twice the total for last year. This year is already a record-breaker for the period since zero-days started being recorded, and there’s still time to go before the end of the year.
One bit of good news for Google and its Chrome users: according to FinancesOnline, Chrome provides the quickest fixes for security flaws, with an average of 15 days, as opposed to Firefox at 28 days, Internet Explorer at 30 days, and Safari, the highest, at 54 days. But no matter how quickly a security patch is released, the patch is useless, and the flaw remains dangerous, until it’s applied.
Google strongly encourages its users to immediately patch the flaws as the only way to mitigate their exploitation. The update itself is version 94.0.4606.71 and can’t be applied soon enough, according to Google.
The Google Chrome update was made available for Mac, Windows and Linux. One way to apply the update is by clicking “About Chrome” in Settings, and the update will install itself. The other is to simply restart Chrome, which also lets the update self-install. This easy fix to a big problem is available NOW, so what is it you’re waiting for?
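To confirm the update has reached every machine, the installed version can be compared against 94.0.4606.71. The following is an added example, not part of the original newsletter; the hostnames and inventory are constructed, and the version strings are assumed to be in the form Chrome prints for `--version` on Linux.

```python
import re

# Fixed build named in the article; anything older lacks the two patches.
PATCHED = (94, 0, 4606, 71)

# Matches the four-part Chrome version inside strings such as
# "Google Chrome 94.0.4606.61".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    # Tuples compare numerically per component, so build .100 is newer than
    # .71; comparing the raw strings would get this wrong.
    return "patched" if v >= PATCHED else "vulnerable"


def audit(inventory):
    """Return (host -> status, sorted list of hosts that are not patched)."""
    results = {host: status(ver) for host, ver in inventory.items()}
    needs = sorted(h for h, s in results.items() if s != "patched")
    return results, needs


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "laptop-01": "Google Chrome 94.0.4606.71",
    "laptop-02": "Google Chrome 94.0.4606.61",
    "kiosk-03": "Google Chrome 93.0.4577.82",
    "desk-04": "Google Chrome 94.0.4606.100",
    "desk-05": "chrome: command not found",
}

if __name__ == "__main__":
    results, needs = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host:10} {results[host]}")
    print("needs attention:", ", ".join(needs))
```

Hosts reported as "unknown" are listed alongside the vulnerable ones, since a machine whose version cannot be read has not been shown to be patched.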