
Google just made its Chrome browser more secure by cutting ‘patch gap’ in half

For some time, Google released security updates for the Chrome browser on a bi-weekly basis. However, the company has now decided that a faster patch release schedule is needed to keep hackers (and other bad actors) from exploiting vulnerabilities in the browser.

Although bi-weekly sounds like a solid schedule for keeping a browser safe, keep in mind that, because Chrome is the most widely used browser on the market, it tends to have a target on its back.

Part of the problem stems from Chrome being based on the open-source Chromium browser, which allows anyone to view the source code. Because of that, bad actors can more easily discover zero-day vulnerabilities (and other flaws) and use them against Chrome. When a zero-day flaw has been made public, it is then called an n-day flaw.

The gap between zero-day and n-day flaws is known as the “patch gap,” and it’s a critical time.

Google understands getting those fixes to the live versions of Chrome must happen as quickly as possible. By shifting the security update schedule from bi-weekly to weekly, Google believes it can shrink the patch gap and ensure the live versions of Chrome aren’t vulnerable to the flaws discovered in Chromium. Considering that only two years ago the patch gap for Chrome was 35 days, it’s no wonder Chrome has been the victim of so many attacks. 


With the release of Chrome 77, that patch gap was narrowed down to 14 days, which helped to somewhat mitigate the attacks. Reducing the time between patches doesn’t mean, however, that Chrome is 100% secure. There are some vulnerabilities that are more complex and require more time to patch. 

But even with those more complicated issues, Chrome should find a new level of security with the patch gap cut in half. It also means threat actors will have to work faster to take advantage of n-day vulnerabilities before they are patched. 

Of course, this new plan depends on users applying the weekly patches by closing and reopening the browser when it reports that a patch has been applied. You should start seeing this happen more frequently, so make sure you restart Chrome when prompted to do so.

The mobile conundrum

The desktop version of Chrome is one thing. With the Android version, Google doesn’t always have control over when a manufacturer releases an update for a device. If your phone of choice is a Pixel, you can count on receiving the Chrome patches more regularly. On other devices, there is no guarantee (and it could take months before those patches are sent to users’ devices).

Whether you use the desktop or mobile version of Chrome, make sure you regularly check for updates or restart your browser when one of those patches is automatically applied.


Source: Information Technologies - zdnet.com
