Friday, September 24, 2021

Unpatched Browsers Abound, Study Reveals

Must Read

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

SolarWinds hackers downloaded Azure, Exchange, and Intune source code says Microsoft

Microsoft's security team said today it had officially completed its SolarWinds-related criminal investigation and found no evidence that hackers...

Armed Forces confirm hacking of their data network

The Malaysian Armed Forces (ATM) verified that there was a cyber assault on its information network yesterday.Armed Forces chief...

Google Chrome users do not always take the time to relaunch browser upgrades, and a few legacy programs do not support new variants of Chrome, Menlo Security states.

Researchers in Menlo Security discovered that although two-thirds of the clients run the most recent version of Google Chrome (.86), an eye-popping 83% operate variations of the browser which are vulnerable to current zero-day strikes identified by Google.

Vinay Pidathala, director of security research at Menlo, states a lot of the Chrome users aren’t running patched versions of their browsers.

We believe they’ll continue more concentrated attacks to steal intellectual property or for monetary gain.”

Mehul Patel, Menlo’s manager of product marketing, says while some might wonder why enterprises aren’t running updated variants of Chrome, it is not always so easy for safety teams to conduct the upgrades.

Successful updates rely on consumers restarting the browser, and lots of users do not take some opportunity to relaunch, ” he clarifies. Secondly, many enterprises have legacy software that operates on older browsers, so it is not always simple for them to upgrade to the most recent version of Chrome.

As it takes some time for individuals to upgrade their programs, attackers will continue to aim at the Chrome browser, notes Hank Schless, senior director of security solutions in Lookout.

“All these vulnerabilities are just patched when the user upgrades their program,” Schless says. “Since a lot of folks don’t have automatic updates turned on, it is probably attackers may find success in exploiting those vulnerabilities.

In the instance of an effective exploit on cellular, the dangerous celebrity gains access to whatever that the Chrome program can get. Including browsing background, both the camera and mike and place information.”

That may put company data in danger, he says, when a Chrome user instills corporate tools.

As a cure, Menlo provides its isolation-based Cloud Security Platform, which Patel asserts acts as an “airgap” that implements all active Internet content from the endpoint, thereby diluting the zero-day vulnerability.

Unpatched Browsers Abound, Study Reveals
Source: Menlo Security

Michael Suby, a research scientist in IDC who covers safety, states Menlo’s findings emphasize the fact that attackers may find and exploit software vulnerabilities.

“In the cyber-speed attackers operate, [to get defenders to] find and react to this latest exploit isn’t a surefire preventative strategy,” he states. [These] isolation technologies provide options to mitigate the browser instead of an attack vector when enabling end-users to keep their browser-based pursuits.”

As a recap, Here Is a rundown of this zero-days Google patched before this month:

The vulnerability allows malicious JavaScript to break from this sandbox generated in runtime, allowing the consumer to execute native code inside the Chrome manufacturing process.

  • CVE-2020-15999 concentrated on the usage of fonts onto a site the user visits. The part that parses the fonts that are downloaded provides the user access to this browser.
  • CVE-2020-16017 enables an attacker to take control of the browser and gain access to the documents found on the gadget.
  • CVE-2020-16010 enables an attacker to take control of the browser Android apparatus to obtain access to documents found on the mobile device.
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This