New Update Google will now release weekly Stable security updates for its Chrome browser

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,556
Google is going to release faster updates for users of its Chrome web browser in the interest of better security. Today, Google announced that it will release new security updates for Stable Chrome users every week, starting with this week's release of Chrome 116 in the Early Stable channel.

In a blog post, Google said that in the past, it has released one security update in between the Stable milestone Chrome releases (called "Stable Refresh"), which happens every four weeks. As with many browsers, Google uses the Chromium open-source code as the basis for Chrome. Google states:

This openness has benefits in testing fixes and discovering bugs, but comes at a cost: bad actors could possibly take advantage of the visibility into these fixes and develop exploits to apply against browser users who haven’t yet received the fix. This exploitation of a known and patched security issue is referred to as n-day exploitation.
That’s why we believe it’s really important to ship security fixes as soon as possible, to minimize this “patch gap”.

The move to issue weekly security updates should allow Google to close the "patch gap" for Chome compared to the previous schedule of bi-weekly patch releases:

While we can’t fully remove the potential for n-day exploitation, a weekly Chrome security update cadence allows up to ship security fixes 3.5 days sooner on average, greatly reducing the already small window for n-day attackers to develop and use an exploit against potential victims and making their lives much more difficult.

Google says that if a security exploit in Chome is discovered to be used out in the wild, the company will quickly fix and release an unscheduled patch for the browser. However, since it will now release new security updates every week, Google expects these kinds of unscheduled updates to be reduced as well.
 
F

ForgottenSeer 97327

I once read an article that Google's quality system, defensive design, programming best practices and (automated) regression testing were the best of all large internet company's (Apple, Amazon, Meta and Microsoft). The author of that article warned competing browsers build upon Chromium that they should not loose themselves in a lot of tailored code, because you need to test all that extra code (regression tests whether it still works okay afte you have made changes).

He warned that when Google wanted to pull the legs of their Chromium based competitors, Google might increase its six weekly update schedule to a monthly or even less. That scenario never happened. Bringing out security updates every week is not the same thing, but it is surely annoying for others to keep up. I wish Microsoft a lot of regression testing efforts and I hope their added bloat will take a lot of maintenance manpower away from the development team. :)
 
Last edited by a moderator:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,123
Google recently announced that it will provide weekly security updates for its Chrome browser. The Mountain View company has revealed a change to its safety check settings that will warn you when an extension was removed.

Oliver Dunk, a Developer Relations Engineer for Chrome Extensions, has published an article on the Chrome Developer's blog to explain the new policy in the browser. Normally, when an extension is removed from the Chrome Web Store, it is because of one of the following reasons. The add-on may have been unpublished (or pulled) by the developer. An extension may be taken down for violating Chrome Web Store policy, or if the plugin was discovered as malware.

So, when an extension that you used disappears mysteriously, it is due to one of the above cases. But, you, as the user, may not be informed about the reason for the add-on's removal. This is precisely what Chrome wants to address.

Google-Chrome-review-extensions-from-safety-check-settings.jpg

(Image courtesy: Google)​
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top