83% of Chrome users do not update despite Google’s successive zero-day announcement

Chrome, the highest market share browser…A
A condition where zero-day comes out one after the other, where the interest and study of attackers is centered… Even, the consumer upgrade rate is poor .

Friday, November 20, 2020, 20:02 GMT

It’s a huge concern because Google recently published five zero-days in a row, and even though it released a fix, it doesn’t update,”It’s a big problem that Google recently released five zero-days in a row, and it doesn’t update even though it’s released a patch,” “Because It’s clear that in the future there will be more than zero days.” “When Internet Explorer was in full swing, what were hackers like? We intensively researched and continued to identify flaws. The target of the attention of the attackers is now Chrome. Users of Chrome should realize this and develop a patching habit.’

Mehul Patel, Menlo’s chief product marketing, says, “If you just say this, everyone’s going to think,’ Why the hell aren’t you updating it Once the update is successfully applied, you’re going to need to turn your browser off and then back on again in most cases.” To most consumers, though this method is bothersome. Furthermore, corporations also use enterprise apps that are only compliant with the old Chrome update. Updates may be directly related to organization instability in such a situation.

Ultimately, it takes time to download, whether long or short, which means users are always in trouble for this part. “It’s saving time to expose yourself to all sorts of risks,” says Hank Schless, senior management at Lookout, a defense company. “That I can’t help. Patching it is the best way to repair it. It’s important to note that attackers still search for vulnerable app models. It’s like going into a desert full of beasts not having to patch it. If you’re all alive, you were so blessed.

Somebody questions back like this in this situation. I’m not an important guy, so it’s all right that I’m not eating well No,” Schles says.” “Everyone in their browser has good knowledge. For hackers, browsing history alone is very useful material. Especially if you ever had remote access to a corporate network via Chrome, you’re a good prey already.

You might consider using a security framework based on ‘isolation technologies’ if patching is just not feasible.

“A technology that isolates and executes web content from endpoints,” states Patel. In other words, it has the effect of stopping the attacker from initiating the zero-day flaw. This is a technology that helps you to easily use your browser while mitigating zero-day effects. But it’s impossible to say that it’s a basic remedy, like a patch.

The zero-day bugs that Google has fixed over the last month, meanwhile, are as follows.
1) CVE-2020-16009 / CVE-2020-16013: This is a vulnerability which helps the sandbox to escape from malicious JavaScript. Inside the Chrome rendering process, this enables an attacker to execute native code.
2) CVE-2020-15999: This is a weakness linked to the use of the visited site font. By interfering in the process of uploading the font to the user’s device, an intruder may enter the browser.
3) CVE-2020-16017: The browser is taken over by the attacker and helps it to access the file system of the client.

4) CVE-2020-16010: Allows Android devices to be taken over by attackers and helps them to access local file systems.

3-line overview

  1. Google issued zero-day updates one after another recently.
  2. 83 percent of Chrome users, however do not upgrade.
  3. It is safe to use a protection framework using isolation technologies if improvements are not available.