{"id":1010,"date":"2022-01-26T18:59:00","date_gmt":"2022-01-27T01:59:00","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=1010"},"modified":"2022-01-26T14:43:50","modified_gmt":"2022-01-26T21:43:50","slug":"security-threats-in-google-chrome","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/01\/26\/security-threats-in-google-chrome\/","title":{"rendered":"Security threats in Google Chrome"},"content":{"rendered":"\n
\n
\"\"<\/figure>\n<\/figure>\n\n\n\n

Google Chrome, one of the most used browsers with an estimated 3.2 billion users, has recorded around 26 security breaches. Google stated that the one of these issues is rated as \u201ccritical\u201d. Usually, chrome\u2019s vulnerabilities are not often rated as \u201ccritical\u201d, this is already the second one this year. This critical vulnerability is a use after free bug in Safe Browsing feature. Google has found several \u2018Inappropriate implementation\u2019 flaws within Chrome that can be exploited in storage, fenced items and push messaging.
<\/p>\n\n\n\n

What is vulnerability?<\/strong><\/h2>\n\n\n\n

A vulnerability in the context of computer security is a weakness, flaw, or error found within a security system which could compromise a secure network. The computer security flaws that are publicly disclosed are listed in the Common Vulnerabilities and Exposures (CVE) database. This helps to share data across separate vulnerability capabilities. The vulnerability that has been rated critical is assigned CVE-2022-0289<\/a>. This is reported by Sergei Glazunov of Google Project Zero. This vulnerability does not require any user interaction after the user has visited malicious website. Any RCE<\/a> (Remote Code Execution) vulnerability has the power to take over the affected browser and can gain complete access of the system.
<\/p>\n\n\n\n

What is Use after free (UAF)?<\/strong><\/h2>\n\n\n\n

Use after free is a vulnerability that results due to dynamic memory in a program execution. If, a memory location is freed and the pointer pointing to that memory location isn\u2019t cleared, then the attacker can you use that error to manipulate the program and gain the access to the system. The total number of Use after free attacks on chrome adds to 60 since September.
<\/p>\n\n\n\n

What is Safe Browsing?<\/strong><\/h2>\n\n\n\n

Safe Browsing is a feature that give users a warning when they try to browse through dangerous sites or download dangerous file. Google has also provided a public API for Safe Browsing service. If you\u2019re a Chrome user, you should always try to have your Safe Browsing feature enabled. You can find it by clicking Setting > Security and Privacy > Security.<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

How to protect yourself?<\/strong><\/h2>\n\n\n\n

To protect yourself from this issue, Google has responded with an update of version to Chrome 97. Usually, Chrome updates automatically. But if you chrome isn\u2019t updated automatically, you can update it manually by clicking Settings > About Chrome <\/strong>or open the page chrome:\/\/settings\/help<\/strong><\/a>. If your Chrome browser is listed as 97.0.4692.71 or above, you are safe. If an update is available, Chrome will notify you and start downloading it. Once the update is downloaded you will have to relaunch the browser.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The year 2021 was a record-breaking year for the number of Chrome hacks and Chrome hacks in 2022 have started rising. It is important to keep your browser up to date.<\/p>\n\n\n\n

Stay safe everyone!<\/p>\n\n\n\n

References:<\/p>\n\n\n\n

  1. https:\/\/www.forbes.com\/sites\/gordonkelly\/2022\/01\/21\/google-chrome-warning-security-new-hacks-update-chrome-browser\/?sh=7052be351cee<\/a><\/li>
  2. https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/01\/update-now-chrome-patches-critical-rce-vulnerability-in-safe-browsing\/<\/a><\/li>
  3. https:\/\/www.rapid7.com\/fundamentals\/vulnerabilities-exploits-threats\/<\/a><\/li>
  4. https:\/\/www.techtarget.com\/searchwindowsserver\/definition\/remote-code-ex<\/a>e<\/a>cution-RCE<\/a><\/li>
  5. https:\/\/helpdeskgeek.com\/help-desk\/google-chrome-crashing-freezing-or-not-responding-7-ways-to-fix-it\/<\/a><\/li>
  6. https:\/\/www.statista.com\/statistics\/543218\/worldwide-internet-users-by-browser\/#:~:text=In%202021%2C%20there%20were%20an,users%20for%20Chrome%20and%20Safari<\/a>.<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"

    Google Chrome, one of the most used browsers with an estimated 3.2 billion users, has recorded around 26 security breaches. Google stated that the one of these issues is rated as \u201ccritical\u201d. Usually, chrome\u2019s vulnerabilities are not often rated as \u201ccritical\u201d, this is already the second one this year. This critical vulnerability is a use … <\/p>\n

    Continue reading “Security threats in Google Chrome”<\/span><\/a><\/p>\n","protected":false},"author":312,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-1010","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Rohan Chaudhary","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/rohan-chaudhary\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/312"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=1010"}],"version-history":[{"count":1,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1010\/revisions"}],"predecessor-version":[{"id":1020,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1010\/revisions\/1020"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=1010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=1010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=1010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}