Google has issued a warning to 2.6 billion people using the Chrome web browser.
The US tech titan told fans last week to expect an increase in the number of cyberattacks in the coming months.
Adrian Taylor, a member of Chrome’s security team, explained the increase in a blog post on March 10.
He was inspired to write the post in response to growing reports of exploits found “in the wild” by Google’s network of researchers.
These are software vulnerabilities that are being actively used by cyber crooks to break into Chrome and attack users.
Google reports the exploits it finds in a regular blog series.
“If you’re a regular reader of our Chrome Releases blog, you may have noticed that phrases like ‘Exploit for CVE-1234-567 exists in the wild’ have been appearing more frequently lately,” Taylor wrote.
He added that the increase in reports of cyberattacks is likely the result of two factors.
“While the increase may initially seem worrying, it is important to understand the reason behind this trend,” Taylor wrote.
“If it is because there are many more exploits in the wild, this could point to a worrying trend.”
He added: “On the other hand, if we’re getting more visibility into exploitation by attackers, that’s actually a good thing!
“This is good because it means we can respond by providing bug fixes to our users faster, and we can learn more about how real attackers work.
“So, which is it? It’s likely to be a little bit of both.”
The number of in-the-wild exploits discovered by researchers, also known as “zero days”, more than tripled between 2019 and 2021, according to data from Google’s Project Zero cybersecurity lab.
Chrome’s dramatic rise in popularity in recent years may be partly to blame, Taylor said, as it makes the browser a more attractive prospect for cyberattacks because of its larger base of potential victims.
The increased complexity of browsers like Chrome is also responsible for the increase as PCs and smartphones get smarter.
Taylor explained that hackers need multiple attacks to break through Chrome’s security.
This is due to its security team’s decision to isolate running programs so that attacks cannot spread between vulnerable parts of the browser.
“An attacker typically now has access to more bugs than before,” Taylor wrote.
“For the same level of attacker success, we’ll see more reported wild bugs over time, as we add more layers of defense that the attacker needs to bypass.”
For its part, Chrome is accelerating its release cycle to try to reduce the time between the discovery of an exploit and the release of its patch.
In Chrome 76, this gap has already been reduced from 35 days to an average of 18 days today, with plans to reduce it further in the future.
Users can keep their PC secure by ensuring that they keep their browser up to date with the latest software releases.
“Above all,” wrote Taylor, “if Chrome is reminding you to update, please do!”
To update Chrome, open the browser and click the More icon (three vertical dots) in the top right.
This story was originally published on The Sun and reproduced here with permission.