October saw five vulnerabilities patched in Chrome, with two of those vulnerabilities being classified as zero-day threats. A zero-day threat is an attack that is already being used by cybercriminals by the time security researchers identify it. With the head start that the zero-day threat gives them, these cybercriminals have a dangerous advantage.
To add to the issue, two of these zero-day threats were also identified as high severity attacks, one taking the form of a JavaScript engine phishing attack and the other in a corruption vulnerability in one of Chrome’s features. While further details are scarce, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) have warned us of their significance and their capability to assist an attacker in taking over an infected system.
Both threats have been spotted, so CISA is officially encouraging that all patches be applied, and updates made, to resolve these threats.
What Makes Updates So Important?
Let me ask you this: let’s say that your office’s front door would no longer lock securely. Would you leave it alone in the hopes that nobody would mess with it, or would you prioritize having the lock fixed?
This is the situation that business owners now find themselves in, and far too many of them simply hope that it won’t be a problem. Consider the fact that Google released a patch for one of these vulnerabilities via an update, but only half of users applied the update within a day.
Regardless of whether this is due to negligence or the possibility that the device they are using is simply outdated, this suggests that many companies are leaving their vulnerabilities exposed.
Aspire can help through our managed services, as we’ll ensure that your technology is patched and fixed appropriately. To learn more about our services, or to find out how else we can assist you in securing your business’ IT, reach out to us at (469) 7-ASPIRE.