Cyberattacks targeting vulnerabilities in internet browsers are on the rise – with Google Chrome increasingly in the hackers’ sights.
According to analysis by cybersecurity researchers at WatchGuard, the second quarter of this year saw an overall 23% increase in malware attacks against browsers – Chrome, Firefox, and Internet Explorer – compared with the previous quarter.
Much of that increase has been driven by a rise in cyberattacks on Chrome: according to the WatchGuard Threat Lab Internet Security Report, attacks targeting Google’s browser have increased by 50%.
Browsers are of interest to hackers because they’re key to how we use the internet – entering and storing information including passwords, cookies, and even credit card details. This makes them a target for information-stealing malware.
All of this information is useful for cyber criminals, either to exploit themselves or sell on dark web forums for others to use. For example, stolen passwords for corporate cloud services could be used to help launch significant cyberattacks, including ransomware campaigns, while stolen card details could be used to drain people’s bank accounts.
Researchers suggest that one reason for the increase in attacks targeting Chrome could be the persistence of various zero-day exploits.
There have been several instances of these high-severity Chrome vulnerabilities this year, including CVE-2022-1364, CVE-2022-2294 and CVE-2022-307. Google warned that the latter was actively being used to conduct cyberattacks, and Chrome browser users on Windows, Mac and Linux were told to apply the relevant security update immediately.
However, researchers suggest that the rise on Chrome attacks might partly be due to the fact that many browsers aren’t receiving the updates, particularly if security patches aren’t automatically being applied by administrators. Without these updates, browsers are highly vulnerable to attacks.
Ensuring that critical security updates are applied as soon as possible is one of the best strategies when it comes to protecting against cyberattacks targeting browsers – or any other software.
“All it takes is one unpatched vulnerability for an attack to squeeze through a crack in your defenses. Keeping your software updated with the latest security patches is one of the single best actions you can take in terms of bang for your buck in cyber defense,” said the WatchGuard report.
MORE ON CYBERSECURITY