Op-Ed: Google Chrome browser hijackings confirmed, but don’t panic – yet


Google, whose Android operating system and Google Play app store dominate the Italian market, has been fined for blocking a competing app and thus promoting its own Google Maps app. © Denis Charlet, AFP / File photo

There is no such thing as the biggest possible target for hackers, and Google Chrome is certainly just that. The bottom line is that there are significant issues, very real possible threats, and you need to do whatever it takes to deal with these things.

Loud titles always useful vary in usefulness, far too:

… Exactly what every Chrome user needs to see, of course. The story is that Day zero attacks now occur regularly, 11 this year to date, and Google is far less than happy.

Not too impressed with the Headless Chicken Little approach to internet security, I found information straight from Google dated October 7th. Google’s information is much less hysterical and includes some helpful links. The title, quite interesting, is Desktop stable channel update. The word “delete” does not exist on this page.

So what is so important?

Zero Day attacks could compromise Secure Socket Layer (SSL) security, the type you use for banking. This is a huge problem, even predictable. SSL is generally very secure, so even the suggestion of any risk is highly undesirable.

It’s kind of an excuse for panic. This is no excuse at all for the unsubstantiated statements strewn throughout the cover. Google, apparently reluctant to destroy its first global browser, simply said fixes were being released. Several have obviously already been implemented.

What can you do? Rather easy.

The easiest way is to just click on the top right, click on Help, and search for the current update. The relevant update in Google Info is 94.0.4606.81 for Windows and Mac. This update resolves four specific vulnerabilities. Google insists that access to details and links regarding other issues is limited. You don’t tell the bad guys what you’ve already fixed until it’s obvious.

Some points of view

Browser hacks aren’t new. Browsers are complex. They require monitoring. All browsers, notably Internet Explorer, have major vulnerabilities.

Culture is a major driver of this situation of parasitism, often sponsored by organized crime, this invaluable asset for the world. State actors are also fairly common participants in internet sabotage. It’s nice to know that someone is determined to start World War III, isn’t it?

Caveat – This is an opinion, not a proven fact: What is generally known about cyber attacks and what actually happens may not be the same. It’s probably a lot worse and has always been worse than public disclosures.

The tracking logic here is that an attack on something as big as Chrome isn’t even in the best interests of old, clumsy traditional hackers. A hyper-secure and possibly responsive browser would be their death and that of their business. So, something much bigger is likely to be at stake to even think about this kind of attack.

More to the same point – Google Chrome is actually a pretty tough target for hackers. It would take a lot of effort to find these vulnerabilities and use them. It’s major league stuff, pretty much if not entirely out of reach for some guys with a phone and some free time.

Meanwhile, back to the Cluster Factory on Main Street Online

It is still too easy to wreak havoc at any level of the net, let alone at the browser level. Most writers on all things Internet, including myself, have argued this point of view on Internet security in countless ways, for decades.

Maybe it’s the old, stupid middle-class thing “If there weren’t for problems, I wouldn’t have a job.” The fixes seem to be pretty slow in terms of the Main Street hack, for example. Saw quite a few real phishing antiques, pretty much dinosaurs, still shaking. So what has been fixed? Not much, I would say.

We seem to be talking to a void. A surprisingly sufficient vacuum cleaner. Online security is worse than ever, decades later. Nowhere other than online could dutifully do your job at all be so acceptable. You claim to be geniuses; now prove it.

Kill the culture, and you kill the problem. Don’t kill him, and the risks escalate. Add unacceptable levels of risk to hacks and cyber attacks, and the risks decrease. Sky blue, grass green. Sufficiently clear?

Source link


Comments are closed.