Google improved Chrome browser security by reducing patch gap by half.

Google improved Chrome browser security by reducing patch gap by half.

Chrome Updates: Bolstering Security Against Hackers

Google Chrome

Google is stepping up its security game for the Chrome browser by accelerating its patch release schedule. While the previous bi-weekly updates aimed to keep the browser safe, the company now acknowledges the need for a faster response to thwart hackers and other malicious actors from exploiting vulnerabilities.

Chrome has always been a prime target due to its market dominance. Being the most widely-used browser, it naturally attracts unwanted attention. With Chrome being based on the open-source Chromium browser, which allows anyone to view its source code, bad actors can more easily discover and exploit zero-day vulnerabilities and other flaws. Zero-day flaws, once made publicly known, become n-day flaws. The time between zero-day and n-day flaws is known as the “patch gap,” which is a critical period.

To close this patch gap and better protect Chrome users, Google has shifted its security update schedule from bi-weekly to weekly. By releasing security patches more frequently, Google intends to minimize the window of vulnerability in live Chrome versions. This change is a response to the fact that, just two years ago, the patch gap for Chrome stood at an alarming 35 days, making it an attractive target for numerous attacks.

The recent release of Chrome 77 effectively reduced the patch gap to 14 days, providing some relief against threats. However, it is important to note that reducing the time between patches does not guarantee 100% security. Some vulnerabilities are more complex and require additional time to address.

Nevertheless, with the patch gap cut in half, Chrome is expected to reach an enhanced level of security. Threat actors will have less time to exploit n-day vulnerabilities before they are patched. However, for this plan to be effective, it relies on users promptly applying the weekly patches by closing and reopening their browsers when prompted. Users should expect to see these updates more frequently and ensure they restart Chrome as instructed.

The Mobile Conundrum

While the desktop version of Chrome benefits from this accelerated patch schedule, the Android version faces a different challenge. Google does not always have control over when manufacturers release updates for Android devices. Pixel users can rely on more regular Chrome patches, but for other devices, there is no guarantee and it might take months before patches are sent to users.

Regardless of whether you use the desktop or mobile version of Chrome, it is crucial to regularly check for updates or restart your browser when patches are automatically applied.

Overall, Google’s move to a weekly patch release schedule for Chrome demonstrates its commitment to improving security and protecting users from potential exploits. By closing the patch gap and urging users to stay up to date, Chrome aims to make browsing experiences safer and provide better defense against cyber threats.