
Chrome gets patched again, but 83% of users aren’t running the latest version

By Maria Henriquez
November 20, 2020

According to Menlo Security, Google Chrome users don't always take the time to relaunch the browser so that updates apply, and some legacy applications don't support new versions of Chrome.

Menlo Labs discovered that there are 49 different versions of Chrome being used by their customers as of November 17. Nearly two-thirds (61 percent) are running the latest build (.86) while just over a quarter (28 percent) are running one version prior (.85). Out of the customers running .86, a staggering 83 percent are running versions of Chrome that are vulnerable (<Chrome/86.0.4240.198). If these customers were using legacy-based detection approaches, these active zero days would have been a risk for them, says Menlo Labs.

The chart below shows the top five versions of Chrome 86 seen on the Menlo platform as of November 17. The data shows that even though a patched version of the browser may be available for more than six days, customers are still not running these versions.

[Chart: top five versions of Chrome 86 seen on the Menlo platform as of November 17]
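A measurement like the one described above can be reproduced from proxy or web-gateway logs. This added example (not Menlo's or the article's code) parses the `Chrome/` token from User-Agent strings and reports the share of Chrome 86 clients below 86.0.4240.198; the function names and sample strings are constructed for illustration.

```python
import re
from collections import Counter

# First patched build named in the article; lower Chrome 86 builds count as vulnerable.
PATCHED = (86, 0, 4240, 198)

# Chrome's User-Agent token has the form Chrome/<major>.<minor>.<build>.<patch>.
CHROME_RE = re.compile(r"\bChrome/(\d+)\.(\d+)\.(\d+)\.(\d+)\b")
# Other Chromium-based browsers also send a Chrome/ token; skip them by their own token.
OTHER_CHROMIUM_RE = re.compile(r"\b(?:Edg|OPR|SamsungBrowser)/")

def chrome_version(user_agent):
    """Return Chrome's version as a 4-tuple of ints, or None if the UA is not Chrome."""
    if OTHER_CHROMIUM_RE.search(user_agent):
        return None
    match = CHROME_RE.search(user_agent)
    # Integer tuples compare numerically, so build 99 sorts below 198 (strings would not).
    return tuple(int(part) for part in match.groups()) if match else None

def summarize(user_agents, patched=PATCHED):
    """Count distinct Chrome versions and the unpatched share within patched's major."""
    versions = Counter(v for v in map(chrome_version, user_agents) if v)
    on_major = sum(n for v, n in versions.items() if v[0] == patched[0])
    vulnerable = sum(n for v, n in versions.items()
                     if v[0] == patched[0] and v < patched)
    return {
        "distinct_versions": len(versions),
        "on_major": on_major,
        "vulnerable_on_major": vulnerable,
        "vulnerable_pct": round(100 * vulnerable / on_major, 1) if on_major else 0.0,
    }

# Constructed sample User-Agent strings (not Menlo's data).
UA_TEMPLATE = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/{} Safari/537.36")
SAMPLE_UAS = [
    UA_TEMPLATE.format("86.0.4240.198"),
    UA_TEMPLATE.format("86.0.4240.183"),
    UA_TEMPLATE.format("86.0.4240.111"),
    UA_TEMPLATE.format("85.0.4183.121"),
    UA_TEMPLATE.format("86.0.4240.198") + " Edg/86.0.622.69",
    "Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_UAS))
```

The User-Agent is client-supplied, and newer Chrome releases report only the major version in it, so treat the result as an inventory signal and confirm it against endpoint management data.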

Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyberattackers, explains that so long as there are zero days, which appears to be an indefinitely long, unceasing period of time, prevention will have a failure rate. 

"Further, the current state of organizational overinvestment in prevention is almost always an exercise in expensive, marginal (if any) increase in capability rather than a transformative increase in capability – at the stifling cost of paralyzed business objectives and increasingly constrained productivity. What’s more important than prevention is resilience, which involves identifying security investments that minimize the impact of an attack. And yes – so long as adversaries can enjoy enormous economies of scale through Chrome – it’s nearly everywhere – it will continue to receive targeted attacks," says Wade. 

Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, notes that because web browsers interact with many different software packages on an operating system, it is impossible for a single product to protect web users from all conceivable attacks delivered through the browser.

Mannino adds, "Attackers will continue targeting web browsers because this remains a great entry point to compromising endpoints inside of an organization. Browsers are a great way to deliver exploits across a variety of technologies supported by browser extensions and plugins. Web browsers tend to be patched faster in many organizations than other applications and packages. Extensions tend to be updated less frequently, with less enterprise controls enforced for hardening these additional attack surfaces." 

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, "Since the vulnerabilities are in the app itself, it requires more than just monitoring web traffic to prevent zero days. Mobile app vulnerabilities will always pose risk for organizations. In order to have an airtight security strategy, you need to know when vulnerable apps are present in your fleet as soon as they’re disclosed. Since it takes time for people to update their apps, attackers will continue to target the Chrome browser."

"These vulnerabilities are only patched if the user updates their app. Since many people don’t have automatic updates turned on, it’s likely attackers could still find success in exploiting these vulnerabilities. In the case of a successful exploit on mobile, the threat actor gains access to anything the Chrome app has access to. This includes browsing history, the camera and microphone, and location data. Malicious access to this data could put corporate data at risk if the user accesses any corporate resources through Chrome. Exfiltration of this type of data could also lead to compliance and other regulatory violations."

Without visibility into the mobile apps on your employees’ mobile devices, it’s impossible to tell whether a vulnerable app could be threatening your corporate infrastructure, Schless adds. "Most everyone has a tool in place that does this for computer apps. With the amount of data access mobile devices have now, they should be treated with the same priority when it comes to your security strategy. Using a tool that can provide actionable information on mobile vulnerability and patch management is key to preventing a breach."

Zero Trust is also a big part of this, Schless explains. "You need to be able to extend policies to mobile devices that require them to have the most up-to-date version of apps in order to access corporate infrastructure. Executing this type of policy is a best practice of ensuring strong mobile risk and compliance management."


Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.
