Google has issued a chilling warning to the 2.6 billion people who use its Chrome web browser.
The US tech titan told fans last week to expect a rise in the number of reported cyberattacks in the coming months.
Adrian Taylor, a member of Chrome’s Security Team, explained the increase in a blog post on March 10.
He was prompted to write the post in response to increasing reports of exploits found “in the wild” by Google’s network of researchers.
Those are the software vulnerabilities that are actively being used by cybercrooks to break into Chrome and attack users.
Google reports the exploits it finds in a regular blog series.
“If you are a regular reader of our Chrome release blog, you may have noticed that phrases like ‘exploit for CVE-1234-567 exists in the wild’ have been appearing more often recently,” Taylor wrote.
He added that the rise in cyberattack reports is likely a result of two factors.
“While the increase may initially seem concerning, it’s important to understand the reason behind this trend,” Taylor wrote.
“If it’s because there are many more exploits in the wild, it could point to a worrying trend.”
He added: “On the other hand, if we’re simply gaining more visibility into exploitation by attackers, it’s actually a good thing!
“It’s good because it means we can respond by providing bug fixes to our users faster, and we can learn more about how real attackers operate.
“So, which is it? It’s likely a little of both.”
The number of in-the-wild exploits, also known as “zero days”, discovered by researchers more than tripled between 2019 and 2021, according to data from Google’s Project Zero cybersecurity lab.
The dramatic rise in Chrome’s popularity in recent years may partly be to blame, Taylor said, as it makes the browser a more attractive prospect for cyberattacks due to its large base of potential victims.
Also responsible for the rise is the increased complexity of browsers such as Chrome as PCs and smartphones become smarter.
Taylor explained that hackers increasingly need multiple attacks to break through Chrome’s defenses.
This is due to its security team’s decision to separate running programs so that attacks cannot spread between vulnerable parts of the browser.
“An attacker generally now has to use more bugs than they previously did,” Taylor wrote.
“For exactly the same level of attacker success, we’d see more in-the-wild bugs reported over time, as we add more layers of defense that the attacker needs to bypass.”
For its part, Chrome is accelerating its release cycles to try to slash the time between an exploit’s discovery and its patch launch.
That gap has already dropped from 35 days in Chrome 76 to an average of 18 days today, with plans in place to reduce this further in future.
Users can keep their PCs protected by ensuring they keep their browsers up to date with the latest software releases.
“Above all,” Taylor wrote, “if Chrome is reminding you to update, please do!”
To update Chrome, open the browser and click the More icon (three vertical dots) in the top right.
This story originally appeared on The Sun and was reproduced here with permission.