Skip to main content

Chrome has a security problem — here’s how Google is fixing it

Google Chrome icon in mac dock.
PixieMe / Shutterstock

Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

Recommended Videos

As of Wednesday, the brand has rolled out Google Chrome 116, which includes the new schedule. Previously a bi-weekly update, Chrome will now be treated to weekly security updates.

Please enable Javascript to view this content

With the open-source nature of Chromium, anyone is able to access the Chrome browser source code, “submit changes for review, and see the changes made by anyone else, even security bug fixes,” Google said on its security blog.

Typically, community members from Google’s Canary and Beta channels notify the brand of various issues of stability, compatibility, or performance that can be addressed before stable updates are sent to the public. This openness is double-edged; however, as bad actors have the same access as good-faith users, allowing them real-time details on vulnerabilities before updates are deployed to a wide range of public users. If taken advantage of, such an attack is called an n-day exploitation.

This is why Google hopes shortening the time between security updates can assist in deterring nefarious users from gaining information about vulnerabilities in Chromium code. Usually, the time between security updates is used for testing prior to a public release. Google first observed this to be an issue in 2020 when its patch gap between updates was approximately 35 days. It then shifted to a biweekly update schedule with the release of Chrome 77.

The brand noted this latest schedule still won’t deter all n-day exploits but can minimize them further. In practice, more frequent security updates offer less time for bad actors to exploit flaws that require detailed paths and more development time. Over time, there is also the likelihood that bad actors will find ways to create faster exploits.

There is also the possibility that the frequency of security updates could eventually truncate even more, with patches being deployed as soon as they’re available.

Google stated it now tackles “all critical and high severity bugs as if they will be exploited.”

Even so, the brand has come to see n-day exploits as just as dangerous as zero-day exploits, which are vulnerabilities that were previously unknown and therefore unaddressed with a patch or update.

Google also recently announced its plans to enable separate Chrome browser support for ChromeOS as of the ChromeOS 116 release. This update would especially benefit Chromebooks, extending the netbooks far longer than their typical software lifespan. The ChromeOS 116 release is scheduled for August 22.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Apple finally has a chance to fix the Vision Pro. Here’s what it needs to do
A person wearing the Apple Vision Pro demo unit in an Apple Store.

If you’ve been following Apple’s Vision Pro in the year or so since it was launched, you’ll know we’ve seen an almost endless supply of reports claiming that the mixed reality headset is in trouble and selling poorly. If that’s the case, it’s clear that Apple needs to do something about it.

Yet, that might not be so easy. Remember when the Apple Watch first launched to a collective “meh” from the world? Even the original iPhone wasn’t a runaway success. But as Bloomberg reporter Mark Gurman puts it in his latest Power On newsletter, these devices had solid foundations that just needed tweaking for them to become the great products they are today. The Vision Pro, he contends, needs a far more drastic overhaul.

Read more
Meta and Google made AI news this week. Here were the biggest announcements
Ray-Ban Meta Smart Glasses will be available in clear frames.

From Meta's AI-empowered AR glasses to its new Natural Voice Interactions feature to Google's AlphaChip breakthrough and ChromaLock's chatbot-on-a-graphing calculator mod, this week has been packed with jaw-dropping developments in the AI space. Here are a few of the biggest headlines.

Google taught an AI to design computer chips
Deciding how and where all the bits and bobs go into today's leading-edge computer chips is a massive undertaking, often requiring agonizingly precise work before fabrication can even begin. Or it did, at least, before Google released its AlphaChip AI this week. Similar to AlphaFold, which generates potential protein structures for drug discovery, AlphaChip uses reinforcement learning to generate new chip designs in a matter of hours, rather than months. The company has reportedly been using the AI to design layouts for the past three generations of Google’s Tensor Processing Units (TPUs), and is now sharing the technology with companies like MediaTek, which builds chipsets for mobile phones and other handheld devices.

Read more
Google Chrome may start resurfacing tabs from your other devices
Google Chrome browser running on Android Automotive in a car.

Google has announced that it is currently "experimenting" with a feature that suggests pages to you based on open tabs from other devices. Chrome is already handy at picking up where you left off on other devices through tab syncing. To bolster this seamless handoff between devices, this potential new feature will serve up these tabs.

Google didn't detail exactly how this would look, but the blog post reads that it would "proactively suggest pages" on the Chrome New Tab page. Right now, this page is filled with quick links to your most viewed websites and hand-picked shortcuts. For what it's worth, to me this seems like a convenient place to put these tabs.

Read more