Get Started Today!  (415) 295-4898

croom new

415 IT Blog

This Chrome Bug Could Affect Billions

This Chrome Bug Could Affect Billions

Data and cybersecurity is hard enough without vulnerabilities coming from one of your most utilized applications. That’s the scenario after a bug was found in some of today’s most popular Internet browsers putting billions of people’s data security at risk. Let’s take a brief look at the vulnerability and how you can ensure that it won’t be a problem for you or your company.

Chromium Bug Explained

Internet browsers such as Opera, Edge, and Chrome are built on top of Google’s open-source Chromium platform and therefore share a lot of the same code. Unfortunately, researchers found an exploitable vulnerability in the Chromium code that would allow hackers to bypass the Content Security Policy on websites, leaving them able to steal data or run malicious code. 

What is the Content Security Policy?

The Content Security Policy (CSP) is an Internet standard that was designed to eliminate certain types of cyberattacks. The policy provides access to website administrators to set the domains that an Internet browser sees as legitimate. An Internet browser with a CSP will block scripts that aren’t loaded into the policy’s parameters. Most websites on the Internet use CSP.

How Does the Hack Work?

In order to use the CSP vulnerability in the Chromium-based browser, the hacker first needs to gain access to a web server. There are several ways this can happen, but most commonly, they can use a brute-force attack--that is an attack where so many different iterations of login credentials are used that eventually the password is discovered--is used. Then the attacker alters the JavaScript to allow the nefarious cofe to work, bypassing the CSP completely.  So while it actually takes a successful hack to exploit the vulnerability, it is still extremely dangerous due to the amount of trust people have in, what claim to be, secure websites.

What You Can Do to Ensure Your Browser is Secure

This is a great example of how even the most trusted software could have long-standing security vulnerabilities. The Chrome browser, which reached 5 billion downloads in 2019, carried this vulnerability for over a year. Since being discovered, however, the issue has been patched. As a result, users of Chrome, Microsoft’s Edge, Opera, and Vivaldi will definitely want to update to developers’ newest versions to ensure your browser doesn’t carry this very dangerous vulnerability. 

Staying safe online requires your browser to be updated and patched. If you need help ensuring your business is running patched and up-to-date software, contact the security professionals at 415 IT today at (415) 295-4898.

Tip of the Week: Two Kinds of Best Practices for R...
Four Questions You Need to Ask Yourself About Your...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, September 21 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://web.415it.com/

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Productivity Technology Best Practices Business Computing Data Data Backup IT Support Network Security Privacy Hosted Solutions Cloud IT Services Data Recovery Efficiency Internet Email Software Business Managed IT Services Malware Outsourced IT Innovation Small Business Google Business Management Tech Term Cybersecurity Collaboration Hackers Cloud Computing Hardware Upgrade Phishing User Tips Business Continuity Computer Windows 10 Microsoft Managed Service Mobile Devices Smartphone Communication Workplace Tips Mobile Device VoIp Quick Tips Android Ransomware Disaster Recovery Paperless Office Backup Managed Service Provider Smartphones Encryption Communications Covid-19 Business Technology Saving Money Remote Work Browser Server Data Management Office 365 Network Remote Monitoring BDR Managed IT Vulnerability Windows 7 Users Social Media Healthcare Internet of Things Compliance Passwords Holiday Artificial Intelligence Wi-Fi Document Management Help Desk Save Money Facebook Applications Blockchain Microsoft Office Managed IT services Miscellaneous Data Security Laptops Chrome Government Bandwidth Antivirus Two-factor Authentication Redundancy Scam Health Automation Office Virtualization Processor Employer-Employee Relationship Tip of the week Vendor Management Project Management Information Analytics Avoiding Downtime Mobile Office Customer Relationship Management Data Loss Proactive Router Meetings Storage Maintenance Training OneDrive BYOD VPN Machine Learning Website Infrastructure Files Access Control Employee-Employer Relationship Software as a Service Company Culture Virtual Private Network Mobility Windows Apps Regulations IoT IT Management RMM Gadgets Hard Drive Information Technology Network Management Alert Monitoring Flexibility Mobile Security Professional Services Bring Your Own Device Consultation HIPAA Managed Services Remote Worker Utility Computing Unified Communications Co-Managed IT Financial Remote Monitoring and Management Operating System Time Management Gmail Networking The Internet of Things Cooperation Search Electronic Health Records Risk Management Employees Consulting Downtime Money Instant Messaging Recycling Unified Threat Management Password Net Neutrality Managed Services Provider Tablet Remote Workers Dark Web Augmented Reality Data Storage Internet Exlporer Smart Technology Word File Management Server Management Computing Patch Management Data Breach Management Social Network File Sharing Payment Cards Assessment Comparison Licensing Teamwork E-Commerce Theft App Cybercrime Authentication Identity Theft Cyber security Enterprise Resource Planning Windows Server 2008 Return on Investment Electronic Medical Records Geography Shadow IT Data Warehousing Techology Options Telephone Cache Content Filtering Technology Tips SaaS OneNote Permission Social Networking Holidays Distributed Denial of Service Legislation Specifications Shared resources Features Going Green Screen Reader Outsource IT Technology Laws Database Management Authorization Identity Touchscreen Emergency Hacking Multi-Factor Security Settings Personal Information Modem High-Speed Internet Outsourcing Operations Outlook Disaster Resistance 5G Politics Remote Computing Mobile VoIP Remote Digital Payment Hotspot Printer Virtual Assistant How To Bitcoin Test G Suite IT Managed IT Service Manufacturing Tech Support Vendor Private Cloud Peripheral Mobile Optimization Black Friday Batteries Procurement Smart Tech Laptop Heating/Cooling Unified Threat Management WPA3 GDPR Trending Transportation Active Directory Development Video Conferencing Shortcut Proactive IT Wireless Internet Big Data Banking Mouse Language Statistics Wasting Time Current Events Motherboard Chromebook Business Telephone Break Fix Bookmarks IT Technicians Smart Devices ROI Cost Management PCI DSS Zero-Day Threat Virtual Machines Cyber Monday Staff Lenovo CIO applications Cyberattacks Social Connectivity Remote Working Permissions Servers Fleet Tracking Computing Infrastructure Samsung Windows Server Mobile Device Management Cookies Cables Biometric Microsoft Excel IT Consulting Employer/Employee Relationships Customer Service Migration Apple eWaste Bluetooth SharePoint Database Wireless Vulnerabilities IT Assessment Recovery Hard Disk Drives Favorites Sensors Notes Asset Tracking Backup and Disaster Recovery Managing Stress Credit Cards Superfish Read Only Security Cameras Budget Google Calendar Fraud Mail Merge User Error Alerts Point of Sale User Management Tech Terms Nanotechnology Wires Gamification MSP Proactive Maintenance Finance Chatbots Solid State Drive Downloads Voice over Internet Protocol Projects Mobile Computing Digitize Virtual Reality Solid State Drives Conferencing Mirgation CRM Travel Websites WiFi PowerPoint Display Human Error Spam Enterprise Content Management Computers Firewall Wearable Technology Value of Managed Services Printing Star Wars Address Regulation Education Twitter CEO Students Marketing Daniel Stevens Printers

Latest Blog

Did you know that, as of July 2020, 69 percent of global desktop Internet users utilized Google Chrome as their browser of choice? With such a large market share, the security associated with Google Chrome is important to keep in mind. To help increase some of this awareness...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...