Security News > 2022 > February > Google announces zero-day in Chrome browser – update now!
In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers.
In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone - and you have to hope that it wasn't you! - has already been attacked and pwned, even if they're accustomed to patching promptly themselves.
Simply put, the zero part of the jargon means that there were zero days during which you could have been patched proactively, no matter how hard you tried, because the attackers got there first.
No hints about how or where the attacks were carried out, what the attackers were after, what the attackers made off with, what indicators of compromise you could look for in your own logs, how to evaulate your risk, or whether there are any workarounds or mitigations you could apply until you're sure everything's been patched.
You will also hear this sort of infection called a zero-click attack, because the attackers don't need to convince you to do anything more than to view their content - something that's generally supposed to be safe because it happens entirely inside your browser window.
The stable version of Edge doesn't have an update out yet , at least in its official Linux repository, where we update from, but we suspect there will be one out soon.
News URL
https://nakedsecurity.sophos.com/2022/02/15/google-announces-zero-day-in-chrome-browser-update-now/
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Qilin ransomware now steals credentials from Chrome browsers (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)