There is no such thing as a bug-free piece of software. The mighty Google Chrome is no exception. That’s why there are constant updates being released for the browser.
The latest Chrome update patches 11 vulnerabilities that were discovered. All eleven were rated high-severity and two of those eleven were zero-day vulnerabilities.
So, you need to update your browser right now.
Updating the browser
- Go to ‘Menu’ (top right icon). If there is an uninstalled update it will appear here. If not, proceed to:
- Click ‘Help’
- Click ‘About Google Chrome’. You will be redirected to a page where the update should begin automatically once Chrome has finished checking for new updates.
A zero-day vulnerability is a flaw in software that attackers become aware of before the vendor does.
This means any exploit has a higher chance of success as the attackers have a head start. Working in the shadows, they can wreak havoc whilst the vendor is none the wiser.
In this case, two zero-day vulnerabilities were found in Chrome, and both were being actively exploited. Hence the need to update Chrome right now.
Zero-day vulnerabilities more common than you’d think
Including these latest two, Chrome is now up to 10 zero-day vulnerabilities discovered this year. They have all been patched, which underlines the need to update our software regularly.
Chrome has a big target on its head because it is the most popular browser. It is also available on all major operating systems.
So, an attack on Chrome is an efficient attack. A single exploit can reach victims on Windows, macOS and Linux, as in this case.
Chrome is not the only victim of zero-day attacks. As Google was releasing its patch, Apple was releasing its own. A vulnerability which affects every iPhone, iPad, Mac and Apple Watch was discovered. Apple says it may have been actively exploited.
Microsoft Windows, Zoom, and many other popular software products often deal with these vulnerabilities.
Top dollar paid to discoverers of bugs
The world of software is one of collaboration. No one can possibly find all the vulnerabilities in their own software. A second or third set of eyes is therefore essential.
It is not Google engineers who discovered the 11 vulnerabilities we discussed. That honour goes to various bug bounty hunters.
These ethical hackers (independent researchers) comb through popular software looking for any bugs. In return, they receive monetary compensation for their trouble.
Most companies have Bug Bounty Reward programs which clearly state how much a hacker will be paid for the bugs they find.
Google is yet to disclose how much the hackers who found these latest zero-day vulnerabilities were paid. However, for the other high-severity flaws, the lowest paid was US$5000.
Let’s get hacking, people.