Google Chrome users still vulnerable to multiple zero-day attacks


As business users and consumers have moved most of their workloads to the cloud, more and more of their work is being done in web browsers such as Google Chrome rather than in applications installed locally on their systems.

This means that the web browser is now an essential yet vulnerable entry point that, if compromised, could give cybercriminals access to a user's entire digital life, including their email, online banking, social networks and more. Despite this risk, users are failing to update to the latest version of Google Chrome, according to new research from Menlo Security.

The cybersecurity firm found that 49 different versions of Google's browser are being used by its customers. While nearly two thirds (61%) of them are running Chrome 86, which is the latest build, 28 percent are still running Chrome 85. Of Menlo Security's customers that are running Chrome 86, a staggering 83 percent are running vulnerable versions of the browser.

Although Google regularly releases updates for Chrome, users aren't updating their browsers in a timely fashion. According to Menlo Security's data, users are often waiting multiple days to install the latest patches for their browser, if they do so at all.

The dangers of patch fatigue

As Google and other software developers have begun releasing patches more regularly, many users have succumbed to patch fatigue after being constantly bombarded with updates.

While an 'if it's not broken, why fix it' mentality may work in the physical world, applying it online can leave your data and systems at risk of cyberattacks. This is because cybercriminals know that users aren't updating their systems, which allows them to exploit known vulnerabilities in popular software even if patches are available.

Over the past five weeks, Google has issued patches for five zero-day vulnerabilities in its Chrome browser, which CISA says are being actively exploited in the wild. However, most organizations and users have yet to patch their browsers.

Keeping Chrome regularly updated can help you avoid falling victim to attacks that leverage known vulnerabilities. Google makes it easy to know when an update is available by displaying a colored icon at the top right of its browser, near the three dots menu. The search giant also uses the colors green, orange and red to let you know how long ago an update was released. In a support document, Google explains that green indicates an update was released less than two days ago, orange means an update was released around four days ago and red shows an update was released at least a week ago.

So do yourself a favor and update Chrome regularly, as failing to do so could lead to identity theft, cyberattacks and other serious security implications both for yourself and for your data.

Anthony Spadafora