Critical New Google Chrome Security Warning For All Users, Update Now

May 26 update below. This post was originally published on May 25.

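Many people see the regular discovery and patching of vulnerabilities in a product as a sign of poor security. I am not one of them. I have always said that I would rather these security flaws were found, whether by in-house teams, bug bounty platforms or independent researchers, than go undiscovered. Vendors that patch regularly and transparently are demonstrating a strong security posture, not a weak one. Sure, in an ideal world, software would have no bugs and hackers would be unable to find creative ways to exploit code. In case you missed it, this is not an ideal world. In that regard, Google does a great job from a security perspective, and the latest Chrome version 102 update is a good example of this in action.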

However, newly published research from Which? in the UK claims that Google has far less to be proud of in another area of web browser security: phishing protection.

Which? report claims Google Chrome is lagging when it comes to browser phishing protection

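Google Chrome is the world's most popular web browser, whatever metric you use to reach that conclusion. With more than 3 billion users and a 65% desktop market share (Safari is second with just 9%), Chrome is the undisputed browser champion. But the Which? report appears to claim that it has been well and truly knocked out, counted out by Apple Safari, Microsoft Edge, Mozilla Firefox and Opera, when it comes to one security metric: detecting and blocking phishing sites. It is a claim, it has to be said, that Google itself disputes.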

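The report is based on testing of the most popular web browsers, which attempted to access "800 newly discovered sites soon after they were first discovered." This appears to be a test of how well browsers cope with the latest phishing threats from sites that do not yet appear in databases of such things.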

Because results vary by platform, they were split into Windows and Mac categories: Google Chrome placed last in each. The percentages are shown below, representing the proportion of those phishing sites that the browsers prevented the user from opening.

Windows:

  • 85% Mozilla Firefox
  • 82% Microsoft Edge
  • 56% Opera
  • 28% Google Chrome

Mac:

  • 78% Mozilla Firefox
  • 77% Apple Safari
  • 56% Opera
  • 25% Google Chrome

What Google says about the Which? phishing test results

I reached out to Google, which supplied me with the following statement:

“This study’s methodology and findings demand scrutiny. For more than 10 years, Google has helped set the anti-phishing standard — and freely provided the underlying technology — for other browsers. Google and Mozilla often partner to improve the security of the web, and Firefox relies primarily on Google’s Safe Browsing API to block phishing – but the researchers indicated that Firefox provided significantly more phishing protection than Chrome. It’s highly unlikely that browsers using the same technology for phishing detection would differ meaningfully in the level of protection they offer, so we remain sceptical of this report’s findings.”

What does a phishing awareness expert say?

“Depending on the methodology and techniques used, the results of how browsers detect and block phishing attacks can vary,” Javvad Malik, lead security awareness advocate at anti-phishing specialists KnowBe4, said. “However, it’s worth bearing in mind that like many threats, phishing cannot be prevented with just one control, and perhaps due to the nature of phishing attacks, technology alone will never be fully effective. Therefore, it’s vitally important to provide users with timely and relevant security awareness and training so that they can be better placed to identify phishing attacks and report them to their security teams.”

Google Chrome 102 update fixes 32 new security vulnerabilities

The good news for the estimated 3.2 billion users of Google’s Chrome web browser is that, as far as we know, there are no new zero-day attacks ongoing against them. However, according to the latest confirmation from Google, a total of 32 new security vulnerabilities have been discovered that impact the Chromium-based browser. Of these, one has a critical impact status, eight are rated high and a further nine are medium.

This is one big, and very important, security update for all Chrome users across Windows, Mac, and Linux platforms. There is also an update rolling out for the Android Chrome app, but this appears not to be security-related as Google has only pointed to “stability and performance” issues in the release announcement.


What are the most important Google Chrome vulnerabilities to be disclosed?

So, what do we know about the May 24 Google Chrome update, which takes the browser to version 102.0.5005.61 for Mac and Linux users and either 102.0.5005.61, 62 or 63 for Windows users? After ensuring my copy on Windows 11 was updated (details below), it is showing as version 102.0.5005.63, but your mileage could vary, it seems.

OK, so here are the details of the most important vulnerabilities that have been fixed by this security update.

  • CVE-2022-1853 is a critical-rated ‘use after free’ vulnerability impacting IndexedDB, a feature that allows fast access to structured data.
  • CVE-2022-1854 is a high-rated ‘use after free’ vulnerability in the ANGLE graphics engine abstraction layer.
  • CVE-2022-1855 is a high-rated ‘use after free’ vulnerability in messaging.
  • CVE-2022-1856 is a high-rated ‘use after free’ vulnerability in the user education function.
  • CVE-2022-1857 is a high-rated vulnerability concerning insufficient policy enforcement in the file system API.
  • CVE-2022-1858 is a high-rated ‘out of bounds’ vulnerability impacting DevTools.
  • CVE-2022-1859 is another high-rated ‘use after free’ vulnerability, this time within the performance manager.
  • CVE-2022-1860 is yet another high-rated ‘use after free’ vulnerability, this time within UI foundations.
  • CVE-2022-1861 rounds up the high-rated vulnerabilities, a ‘use after free’ one impacting sharing.

The remaining vulnerabilities, not all of which have been assigned Common Vulnerabilities and Exposures (CVE) numbers, may not be as serious in terms of impact but go towards completing what is another huge security update from Google.

Why, and how, you should update now

As always, it is recommended that you force the Chrome security update as soon as you can. While it will be rolling out over the coming days and weeks, as Google always says, given the nature of the security vulnerabilities that are covered, it’s a good idea not to wait. Heading for the Help|About option in your Google Chrome menu is all it takes to get the process going. This forces Chrome to check for, and download, any updates. What is vital, though, is that you restart the browser to ensure the update has been implemented and is protecting you from potential harm.
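For anyone checking more than one machine, the version comparison described above can be scripted. The following is an added example, not code from the article or from Google: it compares reported Chrome version strings numerically against the 102.0.5005.61 build named above, and the hostnames and sample versions in the inventory are constructed for illustration.

```python
import re

# Patched build named in the article (Mac/Linux: .61; Windows: .61, .62 or .63).
PATCHED = (102, 0, 5005, 61)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from a string, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, patched=PATCHED):
    """True if the reported version is older than the patched build.

    Unparseable input is treated as needing attention (fail closed).
    """
    version = parse_version(text)
    return version is None or version < patched


def audit(inventory):
    """Return the hosts whose reported Chrome version is below the patched build."""
    return sorted(h for h, reported in inventory.items() if needs_update(reported))


# Constructed inventory: hostnames and version strings are made up for the example.
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 102.0.5005.63",
    "mac-02": "Google Chrome 102.0.5005.61",
    "lin-03": "Google Chrome 101.0.4951.67",
    "win-04": "Google Chrome 99.0.4844.84",  # as text, "99" would sort above "102"
    "lin-05": "Google Chrome 102.0.5005.9",  # as text, ".9" would sort above ".61"
    "mac-06": "unknown",                     # no version reported
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update and restart Chrome ({SAMPLE_INVENTORY[host]})")
```

Comparing the components as integers matters because a plain string comparison would rank 99.x above 102.x and treat the affected hosts as current.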
