We realize that it’s one thing for us to tell you how important it is to update your software. After all, we’re tech guys, so we worry about that kind of thing all the time. Hopefully, it’s quite another matter when Homeland Security does it, which is why we’re really hoping that you take heed of this warning and update Google Chrome.

Homeland Security Warns of Current Attacks Via Chrome

So far this month, there have been no fewer than five vulnerabilities patched in the Chrome web browser, all of which have been zero-day threats.

A zero-day threat is one that attackers have begun to leverage before a software developer or security researcher has managed to identify it. As a result, the attacker using a zero-day attack has the advantage of an early start, leaving the vendor playing catch-up. This makes zero-day threats particularly dangerous to begin with.

What’s worse, the last two zero-day threats that influence Chrome have been deemed to be high severity attacks. While the full details of these threats have not yet been released to the public, we do know that CISA—the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency—has stated that the vulnerabilities these threats are composed of could enable an attacker to take over an affected system. One of them, tied to a JavaScript engine, would most likely be used in a phishing attack, while the other is more likely to be a corruption vulnerability in one of Chrome’s features.

Regardless, these vulnerabilities have already been spotted in active use, and so CISA is also encouraging users to apply the updates that Google has released to resolve these issues.

Why Applying Updates is So Important

Let me ask you this: if the front door of your business suddenly couldn’t be locked properly, would you just leave it like that and hope for the best, or would you fix it immediately?

Either one of these vulnerabilities are akin to the broken lock, and too many users unwittingly elect to take the first option. For instance, when Google mitigated one of these vulnerabilities with an update, only half of Android users updated their version of Chrome within a day. Whether this is simply negligence or the use of an out-of-date device, it leaves serious vulnerabilities open to attack.

As a managed service provider, JumpStart Technology is here to help. Part of our service is to ensure that these kinds of patches and fixes are applied in an appropriately timely manner. As a Jump Start client, you can be sure that we are handling all necessary updates on the backend.  To check your current update status on Chrome:

On your desktop/laptop:

  1. At the top right, look at More
  2. Click Help > About Chrome to find the current version.

Chrome checks for new updates regularly, and when an update is available, Chrome applies it automatically when you close and reopen the browser.

For your iPhone/iPad:

Chrome should automatically update based upon your Apple App Store settings. You can check if there's a new version available:

  1. On your iPhone or iPad, open the App Store.
  2. At the top right, tap Profile .
  3. Scroll down to "Available Updates," and search for Chrome .
  4. If Chrome is listed, tap Update to install.
  5. If asked, enter your Apple ID password. The updates will download and install.

If you don’t have the Google Chrome app yet, download it from the App Store.

For Android:

Chrome should automatically update based upon your Play Store settings. You can check if there's a new version available:

  1. On your Android phone or tablet, open the Play Store app .
  2. At the top left, tap Menu   My apps & games.
  3. Under "Updates," find Chrome .
  4. Next to Chrome, tap Update.

If you need assistance with securing your business’ IT or with any other aspect of your technology management, reach out to us to find out what we can do for you. Call 650-949-0667 today.