Security Awareness – Browser Vulnerabilities

People use internet browsers every day to conduct business and for recreation. Unfortunately, browsers collect large amounts of sensitive user data which provide attractive targets for threat actors to exploit. Additionally, browsers are frequently updated with new features that increase the risk of vulnerabilities in the source code that adversaries can leverage to compromise systems. Relatedly, there are only two types of open source browser engines, Chromium and Mozilla Firefox. Thus, attackers have the fortune of being able to focus on discovering vulnerabilities for only two engines that may provide exploitation across multiple browsers.

The risk of your browser being compromised is growing as the number of browser vulnerabilities have increased. “In the first quarter of 2022 alone, Chrome fixed 113 vulnerabilities, 13 [percent] more than in the same period in 2021, while Firefox fixed 88 vulnerabilities, a 12 [percent] jump from the first quarter of 2021,” according to Dark Reading. Vulnerabilities are not the only way your browser can be compromised; attackers also typically send phishing emails that include exploit kits for targeting web browsers. To reduce the chances of suffering an attack via your browser, organizations should keep all browsers fully patched, enable multi-factor authentication, regularly clear browser history of cookies and other sensitive data, and conduct frequent awareness training so users understand the nature of these threats. Read more at Dark Reading.