Google Issues Warning to Chrome and Chrome-Based Users as Zero-Day Hacks Continue to Increase

On Mar. 12, Google announced that it expects a surge of zero-day attacks, prompting the search giant to issue warming to more than 3.2 billion Chrome and Chrome-based users worldwide.

Google Issues Warning to Chrome Users

Google's Chrome Security team member Adrian Taylor wrote that the zero-day attacks are increasing dramatically in a blog post. Zero-day attacks are hacks that happen before Google can issue a fix.

Taylor explains that people may have noticed that phrases such as "exploit for CVE-1234-567 exists in the wild" have been showing up more recently. While the increase may seem concerning at first, it is important to understand the reason behind the trend, according to ZDNet.

Taylor said that many exploits in the wild are a worrying trend, but if they are gaining more visibility into exploitation by attackers, it is considered a good thing. It is good because it means that they can respond by rolling out bug fixes to their users faster and learn more about how real attacks work.

Taylor added that hackers increasingly need several attacks to break through Chrome's defenses because of sandboxing. This is a security mechanism for separating running programs, so successful attacks can't spread to the vulnerable parts of the Google Chrome and Microsoft Edge browsers.

With that said, Taylor admits that the deprecation of Adobe Flash and the sudden rise in the popularity of Chrome and Chromium-based browsers are also factors. This means that they have a bigger target on their back.

There is also the question of complexity. Taylor wrote that software has bugs, and browsers increasingly mirror the complexity of operating systems. Basically, more complexity means there are more bugs.

For its part, Chrome is stepping up its release cycles to try and cut the gap between zero-day hacks and their fixes becoming available, according to Vice. The original release cycle is 35 days, and as of Mar. 12, it was reduced to 18 days.

However, much of Google's good work in the middle of these growing attacks still relies on the user, and Taylor warns this department.

Chrome can't protect itself automatically. Even after installing the latest update, both Chrome and Chrome-based browsers need to be restarted by users before they are protected. Taylor also reminded users to update Chrome all the time.

Google's Zero-Day Hacks

In 2021 alone, Google recorded a total of 16 zero-day hacks. Google revealed that the12th and 13th zero-day exploits had caused so much damage. The said zero-day hacks affected macOS, Linux, and Windows users, according to Forbes.

Zero-day hacks are critical because they were known to hackers before Google could even release a fix. This immediately places Chrome users in danger. As per protocol, Google restricted information about both hacks to buy Chrome users to upgrade.

The first zero-day attack is a Use-After-Free or UAF vulnerability, targeted repeatedly by hackers in 2021. Double-digit UAF attacks were recorded on Chrome in September and October 2021.

Related Article: Google Chrome Emergency Update Released for New High-Level Zero-Day Flaw! ALL Browsers Affected

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics