
Google Chrome Users Still Vulnerable to Multiple Attacks, Says Study

The year 2020 was a very tough one for enterprises for many reasons. Perhaps one of the biggest reasons was that COVID-19 forced businesses and other organizations to make an almost overnight transition to remote work. On the other hand, cyber attackers had a great year. Remote work and the shift to the cloud have resulted in a greatly increased attack surface area that attackers have capitalized on.

Last year, we saw a resurgence of ransomware attacks, increased credential phishing campaigns, and new and novel attacks targeting cloud assets and resources. Browsers have become even more powerful and are increasingly being used to access new applications and cloud resources, which also increases their importance in cybersecurity.

While we continue to see new and novel types of attacks, one attack technique that has persisted is the use of web browser exploits to compromise endpoint systems. While we do not see a lot of exploit kits these days, we are seeing more sophisticated attackers that continue to use this infection vector by developing zero days.

Our research shows that Chrome has the largest market share, so it’s natural that attackers go after it. Starting January 2020, Microsoft’s Edge browser became based on Chromium. Developing an exploit for Chrome now gives the attackers a much larger attack surface to go after.

After Google fixed five flaws in Chrome in a span of a month, we published a blog that showed a significant number of customers were still running old versions of the browser.

Looking at the Chrome browser update cycle across our global customer base, we can see this patch lag. The following image shows data collected from our global platform across four months, November 2020 through February 2021. It clearly shows the adoption of Chrome updates after they are released. For context, the following are the release dates of the Chrome versions in the chart below:

    • Chrome 88: January 19, 2021
    • Chrome 87: November 17, 2020
    • Chrome 86: October 6, 2020

[Image: Chrome update trend graph]

From the graph, we can see that while Chrome 87 was released on November 17, it took at least a month for customers to start updating their browsers. December was when Chrome 87 saw adoption rates of close to 84 percent. We see the same trend going into January 2021. Chrome 88 was released on January 19, 2021, and we are now seeing a considerable increase in Chrome updates. This quicker adoption for Chrome 88 might be attributed to the recent SolarWinds breach, with customers being more vigilant with updates.

We noticed that across our customer base, there were some early adopters of these updates, and they are consistent in their patching cycle. The same set of customers who were early adopters of Chrome 87 also updated quickly to Chrome 88.

Across our global customer base, we saw that the following verticals were early adopters of browser updates:

    • Finance and Banking
    • Government
    • Construction
    • Oil and Gas

North America and Singapore were the regions that had the most customers updating as soon as the patch was released.
