A member of Google Chrome’s Security Team explained an impending threat in a blog post on March 10. Adrian Taylor wrote that people should expect a rise in the number of cyberattacks in the next few months.
2.6 billion people use Google’s Chrome web browser, and Taylor’s post was a “response to increasing reports of exploits found ‘in the wild’ by Google’s network of researchers,” reports The New York Post.
“If you are a regular reader of our Chrome release blog, you may have noticed that phrases like ‘exploit for CVE-1234-567 exists in the wild’ have been appearing more often recently,” Taylor wrote.
He added that the rise in cyberattack reports is likely a result of two factors.
“While the increase may initially seem concerning, it’s important to understand the reason behind this trend.”
“If it’s because there are many more exploits in the wild, it could point to a worrying trend,” he wrote. “On the other hand, if we’re simply gaining more visibility into exploitation by attackers, it’s actually a good thing! It’s good because it means we can respond by providing bug fixes to our users faster, and we can learn more about how real attackers operate.”
“So, which is it? It’s likely a little of both.”
The number of in-the-wild exploits, also known as “zero days”, discovered by researchers more than tripled between 2019 and 2021, according to data from Google’s Project Zero cybersecurity lab.
The dramatic rise in Chrome’s popularity in recent years may partly be to blame, Taylor said, as it makes the browser a more attractive prospect for cyber-attacks due to its large base of potential victims.
Another factor is the Chrome security team’s decision to separate running programs so that attacks cannot spread between vulnerable parts of the browser. “An attacker generally now has to use more bugs than they previously did,” Taylor wrote.
“For exactly the same level of attacker success, we’d see more in-the-wild bugs reported over time, as we add more layers of defense that the attacker needs to bypass.”
For its part, Chrome is accelerating its release cycles to try to cut the time between an exploit’s discovery and the release of its patch.
That gap has already dropped from 35 days in Chrome 76 to an average of 18 days today, with plans in place to reduce it further in the future.
Users can keep their PCs protected by ensuring they keep their browsers up to date with the latest software releases.
“Above all,” Taylor wrote. “If Chrome is reminding you to update, please do!”
To update Chrome, open the browser and click the More icon (three vertical dots) in the top right.