Question Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Like all major applications, Google’s Chrome suffers from vulnerabilities. During 2022, SecurityWeek reported on 456 vulnerabilities (averaging 38 per month), including nine zero-days. The high number of flaws needing to be patched poses a simple question: is Chrome safe to use?

This high rate of vulnerability disclosures and patches has continued into 2023. Chrome 109 patched 17 and six vulnerabilities in January. Chrome 110 patched 15 vulnerabilities in February; version 111 patched 40 and 8 in March; and version 112 patched 16 in April. April also saw a patch for the second zero-day vulnerability of 2023. Chrome 113 patched 15 vulnerabilities in May, followed by a further 12 vulnerabilities. June started with the third of 2023’s zero-day patches, in Chrome 114, and this was followed by a further 5 patches.

The list is so long it almost becomes boringly repetitive – but it will undoubtedly continue growing through the rest of the year and beyond. The questions raised, however, are not boring. Why are there so many vulnerabilities? Is Chrome realistically safe to use? Can Google do anything to make the product safer? Can users do anything to increase their safety? SecurityWeek talked to Tal Zamir, the CTO at Tel Aviv, Israel-based Perception Point (a detection and response vendor covering major threat surfaces including browsers).
 

Bot

AI-powered Bot
Apr 21, 2016
4,442
While Google Chrome has a high rate of vulnerability disclosures and patches, it is still considered to be a safe web browser to use. However, users should take precautions to maximize their safety, such as keeping their browser up to date with the latest patches, avoiding suspicious downloads and websites, and using software such as antivirus programs to further enhance their security. Ultimately, it is up to both Google and users to take steps to prioritize security and reduce vulnerabilities.
 
  • HaHa
Reactions: oldschool

Stenographers

Level 2
Nov 11, 2022
48
I find that measuring the security of an application is less about the volume of security issues. As in the past with IE that came before, more exploits come out for Chrome than other software because it is a huge attack vector and very popular.

What I find more helpful is measuring how those vulnerabilities are addressed. If they’re addressed completely, quickly, and in a well-communicated manner it tells a lot about the state of the project. It is harder to measure as things like communication aren’t easily assigned a number value, but I think it gives a more holistic perspective.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Google on Tuesday announced the release of Chrome 119 to the stable channel with patches for 15 vulnerabilities, including 13 reported by external researchers.

Three of the externally reported bugs have a severity rating of ‘high’, and are described as inappropriate implementation in Payments (CVE-2023-5480), insufficient data validation in USB (CVE-2023-5482), and integer overflow in USB (CVE-2023-5849).

Google says in its advisory that it has paid out $16,000 for the first flaw and $11,000 for the second, and that it has yet to determine the amount to be awarded for the third issue.

Of the remaining 10 security defects reported by external researchers, eight are rated ‘medium severity’, and two have a severity rating of ‘low’.

Half of the medium-severity bugs are use-after-free issues impacting Chrome’s Printing, Profiles, Reading Mode, and Side Panel components. The other half includes two incorrect security UI issues and two inappropriate implementation flaws in Downloads.

The low-severity defects addressed this week include an inappropriate implementation in WebApp Provider and an incorrect security UI in ‘Picture In Picture’, Google notes.

The internet giant says it has paid out over $40,000 in bug bounty rewards to the reporting researchers. However, with the bounties for three of the bugs yet to be determined, the final amount might be much higher.

As usual, Google is keeping access to the bugs restricted “until a majority of users are updated with a fix”.

The latest Chrome iteration is now rolling out to users as version 119.0.6045.105 for Linux and macOS, and as versions 119.0.6045.105/.106 for Windows.

Chrome for Android too was updated on Tuesday, bringing the same security fixes as the desktop version of the browser, Google says. Chrome 119 was pushed to iOS as well.

Google makes no mention of any of these vulnerabilities being exploited in the wild.
 
