MJP –
Google Chrome is currently facing significant security challenges, with two distinct vulnerabilities being actively exploited. This situation has prompted urgent responses, including a directive from the U.S. government requiring all federal employees to update their browsers within 21 days.
Microsoft, which initially discovered and disclosed the first of these vulnerabilities, has gone a step further by suggesting that users might be better off switching from Chrome to a different browser altogether.
The first of these security issues involves a vulnerability known as CVE-2024-7971, which was actively exploited before Google released a patch on August 21. Following this, on August 26, Google issued another update, revealing that a second vulnerability, CVE-2024-7965, had also come under attack. Both of these vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, with a requirement for Chrome updates by mid-September to mitigate these threats.
The CVE-2024-7971 vulnerability was uncovered and disclosed by Microsoft’s security team, which has since published a detailed report attributing the exploitation of this flaw to a North Korean threat actor it tracks as “Citrine Sleet.”
This group primarily targets financial institutions and individuals involved in managing cryptocurrency, with the apparent motive of financial gain. Microsoft explains that Citrine Sleet operates by creating fake websites that mimic legitimate cryptocurrency trading platforms. These websites are then used to distribute malicious applications, either disguised as job applications or as weaponized cryptocurrency wallets and trading software.
Microsoft’s take on the Chrome attack
While Microsoft acknowledges the importance of keeping Chrome, Edge, and other Chromium-based browsers updated, it also emphasizes the need for broader security measures. The company advocates for using security solutions that provide comprehensive visibility across the entire cyberattack chain. Specifically, Microsoft recommends that users consider switching to Microsoft Edge or other browsers that support Microsoft Defender SmartScreen.
This tool is designed to identify and block malicious websites, including those involved in phishing, scams, and malware distribution.
Microsoft’s stance is that Edge offers superior security compared to Chrome, especially in protecting users from malware. This perspective has been evident in Microsoft’s controversial advertising campaigns, which often target users who have set Chrome as their default browser on Windows.
Despite the ongoing debate, the suggestion that users should switch to Edge as part of a security advisory related to a vulnerability disclosed by Microsoft itself has raised eyebrows, given the competitive dynamic between Chrome and Edge. Notably, Chrome remains the dominant browser globally, with a market share significantly larger than that of Edge.
The focus on Edge’s security capabilities highlights a shift in the narrative from the vulnerabilities themselves to the broader context of phishing and how to prevent it.
Microsoft argues that Edge is more effective at blocking the sources of these threats. Meanwhile, Google has been working to enhance its Safe Browsing feature. Traditionally, Safe Browsing relied on a list stored on the user’s device, updated every 30 to 60 minutes, to identify potentially dangerous sites or files. However, Google has acknowledged that this approach is insufficient, as the average malicious site is now active for less than 10 minutes. In response, Google has moved to a real-time check system, which it claims will block 25% more phishing attempts.
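To make the timing argument above concrete, here is a toy model of how much of a short-lived site's life a periodically refreshed local list can cover. It is an added example, not Google's implementation or code from this article. It assumes a site goes live at a uniformly random point in the refresh cycle and that a verdict exists `detect_delay` minutes after go-live; the function names are hypothetical.

```python
# Added example: toy exposure-window model, not Safe Browsing's real logic.
# Assumptions (not from the article): the site goes live at a uniformly random
# point in the refresh cycle, and is flagged `detect_delay` minutes later.

def covered_fraction(lifetime, refresh, detect_delay=0.0, steps=6000):
    """Fraction of a site's live minutes during which a client blocks it.

    refresh > 0  : locally stored list, pulled every `refresh` minutes.
    refresh == 0 : real-time lookup, the verdict is usable as soon as it exists.
    """
    if refresh == 0:
        return max(0.0, lifetime - detect_delay) / lifetime
    total = 0.0
    for i in range(steps):
        # Minutes between the verdict existing and the client's next list pull,
        # averaged over the whole refresh cycle (midpoint rule).
        wait = (i + 0.5) * refresh / steps
        total += max(0.0, lifetime - detect_delay - wait)
    return total / steps / lifetime


def report(lifetime=10.0, detect_delay=0.0):
    """Coverage for the article's figures: 60- and 30-minute lists vs real-time."""
    rows = {}
    for refresh in (60, 30, 0):
        label = "real-time" if refresh == 0 else f"list/{refresh}min"
        rows[label] = round(covered_fraction(lifetime, refresh, detect_delay), 3)
    return rows


if __name__ == "__main__":
    for delay in (0.0, 3.0):
        print(f"detect_delay={delay} min")
        for label, frac in report(detect_delay=delay).items():
            print(f"  {label:12s} blocked for {frac:.1%} of the site's life")
```

Even with instant detection, a 10-minute site is blocked for only a small share of its life under a 30 to 60 minute refresh; in this model the refresh wait, not detection quality, is what caps coverage.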
Citrine Sleet’s activities are part of a broader pattern of cyber threats emanating from North Korea, particularly focused on cryptocurrency theft. This poses a significant risk, as these types of exploits can quickly evolve from theft to more severe threats like ransomware or espionage.
After addressing the zero-day vulnerabilities, Google released another Chrome update on September 2. This update, which brings the stable desktop channel for Windows and Mac to version 128.0.6613.119/.120, addresses two additional high-severity vulnerabilities: CVE-2024-8362, a use-after-free vulnerability in WebAudio, and CVE-2024-7970, an out-of-bounds write vulnerability in V8. Although there have been no reports of these vulnerabilities being actively exploited, they remain serious issues that could lead to system destabilization or rogue code execution if left unpatched.
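For administrators checking a fleet against the build named above, this added example (not from the article or from Google) classifies reported Chrome versions against 128.0.6613.119. It also shows why the comparison must be numeric rather than a string comparison. The host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed build named in the article for the stable desktop channel (Windows/Mac).
PATCHED = (128, 0, 6613, 119)


def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(raw):
    """Compare numerically, component by component."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # needs follow-up; never count it as patched
    return "patched" if version >= PATCHED else "outdated"


def naive_is_patched(raw):
    """String comparison, kept only to expose the bug: '84' sorts after '119'."""
    return raw >= "128.0.6613.119"


def audit(inventory):
    """Map each host to a status; `inventory` is (host, version string) pairs."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("ws-001", "128.0.6613.120"),
    ("ws-002", "128.0.6613.119"),
    ("ws-003", "128.0.6613.84"),   # older build that a string compare lets through
    ("ws-004", "127.0.6533.99"),
    ("ws-005", "129.0.6668.58"),
    ("ws-006", "128.0.6613"),      # truncated value from a broken collector
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```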
Despite Microsoft’s efforts to persuade users to switch from Chrome to Edge, the impact on Chrome’s user base appears minimal. Recent statistics show that Chrome continues to dominate the desktop browser market, with Microsoft Edge holding a distant second place. However, Edge has shown some growth, with its market share increasing slightly year-over-year.
Google’s position remains strong, partly due to the resilience of its Chrome user base. Nevertheless, Microsoft’s appeal to enterprise security officers to consider the browsers in use within their networks as part of a unified security strategy is a compelling argument.