Examining the Recent Chromium Bug
Google’s open-source platform, Chromium, has been used as the foundation for many current Internet browsers. That’s why browsers like Opera, Edge, and of course Google Chrome all share a lot of the same code in their makeup. That’s also why the presence of an exploitable vulnerability within Chromium’s code is a very bad thing.
The vulnerability in question could allow hackers to bypass any website’s Content Security Policy, thereby enabling them to run malicious code and/or steal data.
The Content Security Policy (CSP)
The CSP is an Internet standard meant to eliminate the threat of some cyberattacks and is currently used on most websites. Basically, this standard enabled website admins to identify the domains that a browser like Chrome or Opera will recognize as legitimate and block any scripts that haven’t been preloaded into the policy’s parameters.
How Hackers Can Use It
To make use of the CSP vulnerability, a hacker needs access to a web server. While they could accomplish this through assorted means, a brute-force attack is the most common method of gaining this access. Basically, by trying vast numbers of login credentials in rapid succession, the hacker can overcome a website’s protections. Once they’re in, the hacker can make amendments so that the CSP is bypassed and the code they’re implementing will work. While this vulnerability does require a successful hack to take place, it can still be very effective thanks to many websites sporting questionable security standards.
How to Secure Your Browser Against This CSP Vulnerability
Unfortunately, what we have here is a prime example of how even the most trusted software isn’t infallible, and how long security vulnerabilities can fly under the radar. Despite 5 billion downloads as of 2019, it still took over a year to catch this issue.
Fortunately, the issue has since been amended, so users of…
… and any other Chromium-based browser will want to update them to the latest versions to ensure that the vulnerability is successfully patched.
Maintaining your software, especially your browser and other Internet-facing applications, is a requirement if you want to stay safe online. For help in ensuring that your business has this taken care of, you can rely on Level5 Management. Give our IT professionals a call at (561) 509-2077.