I have reached out to Google concerning the spate of zero-day vulnerabilities across the last few weeks and will update this article if any statement is forthcoming. 86 build of Chrome, 83% of them don't have the very latest security update and are still vulnerable to attack. That, in and of itself, leaves plenty of people unprotected against these current threats, but it gets worse. Of the 49 different versions of Google Chrome being used by customers as of November 17, some 61% are running a. New research, published November 18 by Menlo Security, has revealed just how dangerous these vulnerabilities could be. "Out-of-date mobile devices can be just as dangerous as out of date apps," he says, "this leaves the user's personal or work data open to attackers that exploit vulnerabilities patched in later versions of the mobile app or operating system." "24 hours after the updated version of Chrome was available on the Play Store," Hank Schless, senior manager of security solutions at Lookout, told me, "we observed that roughly half of Android users had updated their app."Īs well as the automatic update issue mentioned before, Schless points to older Android devices that don't support the updated software as being partly to blame. Choose this if you only want the latest version of Chrome. When Google very quickly updated Chrome following one of the zero-day vulnerabilities from earlier in the month, CVE-2020-16010, users were slow to secure themselves. Bundle The Bundle download includes the Chrome MSI installer, ADM/ADMX templates with 300+ user and device policies, Legacy Browser Support Native Host and manageable automatic updates. This is particularly apparent when it comes to the Chrome browser app. Here's the thing: some people are slow to update their browsers, which leaves an attack window open for days, weeks, or even longer in some cases. MORE FROM FORBES Windows 10 Users Beware-New Hacker Attack Confirmed By Google, Microsoft By Davey Winder The dangers of being slow to update apps This will kickstart the download of the latest version if not already downloaded and prompt you to restart the browser. Users should go to the Help option from the 'three-dot' menu upper right and select About Google Chrome. Not everyone will have automatic updates enabled, and not all of those who do will reboot Chrome on a regular basis. Automatic updating ensures that Chrome is updated to the latest version once the browser is restarted. That should be the good news, of course, but life is never that simple. Unsurprisingly, CISA is encouraging users to apply the necessary updates that Google has been rolling out this past week, as soon as possible. CISA has confirmed that the security vulnerabilities have been "detected in exploits in the wild." The bad news is that attackers already know precisely what the vulnerabilities are and how to exploit them. CISA urges users to update Google Chrome in light of ongoing attacks CVE-2020-16017, on the other hand, would appear to be a memory corruption vulnerability within the Chrome website sandboxing feature known as Site Isolation.
0 Comments
Leave a Reply. |