Cybersecurity

 

Google Chrome Update Gets Serious: Homeland Security (CISA) Confirms Attacks Underway

Within the space of just three short weeks, Google has patched no less than five potentially dangerous vulnerabilities in the Chrome web browser.

These are not your common vulnerabilities either, but rather ones known as zero-days. A zero-day being a vulnerability that is being actively exploited by attackers while remaining unknown to the vendor or threat intelligence outfits.

Once the vendor becomes aware of the security flaw, day zero, it can start to mitigate against exploitation but not before. The attackers, therefore, have a head start.

What do we know about these zero-day Chrome flaws?

The latest two zero-days to be discovered are classed as high-severity in nature and affect Chrome for Windows, Mac and Linux.

The precise details of CVE-2020-16013 and CVE-2020-16017 have not yet been made public as Google restricts access to such information until the majority of users have updated.

However, the Department of Homeland Security cybersecurity agency, CISA, has advised that an attacker "could exploit one of these vulnerabilities to take control of an affected system."