Increasing Concerns Over Chromium-Based Browsers
April 22, 2022
Google Chrome has gone through constant updates since late February. Chrome, arguably one of the most popular browsers used today, has been patching severe exploits found within its source code. However, Chrome is not the only browser that was under fire from these exploits since other browsers use Chromium, Google’s open-source code, as a foundation. Other browsers based on Chromium include Opera, Microsoft Edge, Brave, and Vivaldi. Until an update is released, users are advised to be cautious while roaming the web or to use an alternative browser if necessary.
There’s a day zero exploit titled “CVE-2022-1364”, or “Type Confusion in V8”, which was discovered by Clément Lecigne, a Google employee. V8 refers to the JavaScript coding that Chromium uses in its structure. Take this situation as an example, a user types in “www.youtube.com” onto the browser search bar to get to the website directly. Once the “Enter” key is hit, the request is sent. The server is supposed to receive the request and respond with code. Normally, the server will direct you to the site you requested without any issues. However, the bug provided an opportunity to infiltrate the process in the middle. Allowing a different user from the outside to write in malicious code that the server sees as “correct”. If you stumble on the wrong site, a hacker could easily load malware onto your computer. This is extremely dangerous considering ransomware like WannaCry could encrypt your files and then demand money to have those files back. Depending on your line of work, this could result in severe damage. If it’s not malware, other sensitive information could be accessed which could result in fraud or identity theft.
Google currently considers the most recent bug as “out in the wild” which means it could be taken advantage of by anyone savvy enough on the internet. It’s important to be careful when downloading software from third-party sites or simply browsing around sites with deceptive ads. Make sure to use strong passwords, avoid sharing personal information, and refuse to give permissions to programs and downloads that can’t be fully trusted. Recently, an article was published on the Mace and Crown regarding phishing attacks done via Duo Mobile. It’s important to keep vigilant for similar attacks, especially since Google has been known to not release many details about the bugs or when the next update will be.
Stay safe out there on the internet. These days, any well-executed cyber attack could make a great impact on your everyday life. Any updates regarding the situation will be posted.