
Google cuts Chrome ‘patch gap’ in half, from 33 to 15 days

February 4, 2020

Google security engineers said last week they have successfully cut down the “patch gap” in Google Chrome from 33 days to only 15 days.

The term “patch gap” refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library.

In today’s software landscape where many apps rely on open source components, the “patch gap” is considered a major security risk.

The reason is that when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects.

Hackers can then use details about these security flaws to craft exploits and launch attacks against software that relies on the vulnerable component, before the software maker has a chance to release a patch.

If the software maker is on a fixed release schedule, with updates coming out every few weeks or months, the patch gap can provide hackers with an attack window that most software projects can’t deal with.

The Chrome web browser is one of these projects that are affected by a patch gap because it uses a large number of open source components — from the PDFium PDF-viewing library to the V8 JavaScript engine, just to name a few.

In 2019, security researchers from Exodus Intelligence highlighted on two occasions that Chrome’s large patch gap can be exploited by attackers.

First in April, and then in September, Exodus researchers developed proof-of-concept exploit code for security bugs fixed in the V8 JavaScript engine that had yet to make their way downstream into the Chrome codebase.

Google took notice

The good news for Chrome users is that the Exodus team’s research on the topic and subsequent warnings did not go unheard with the Chrome Security team.

In Chrome’s recently published quarterly security summary for Q4 2019, Google engineers said they’ve worked to reduce Chrome’s patch gap.

“We now make regular refresh releases every two weeks, containing the latest severe security fixes,” said Andrew R. Whalley, a member of the Chrome Security team.

“This has brought down the median ‘patch gap’ from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it,” he added.

Chrome security updates every week?

As Whalley explained, Google’s answer to reducing Chrome’s patch gap was to release security fixes more often. With Google planning to cut the patch gap even more, this most likely means that we might soon see Chrome security fixes released on a weekly basis, as Google engineers push critical security fixes from the open source libraries to users’ Chrome browsers.
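To make the metric concrete, the following added example (not from the article or from Google) computes the per-fix and median patch gap for a set of upstream fixes against a fixed downstream release schedule, and compares a six-week cadence with a two-week one. All fix identifiers, dates and the `lead_days` cutoff are constructed for illustration and are not Chrome data.

```python
from bisect import bisect_left
from datetime import date, timedelta
from statistics import median

def release_schedule(first, last, interval_days):
    """Dates of a fixed-cadence downstream release train."""
    out, d = [], first
    while d <= last:
        out.append(d)
        d += timedelta(days=interval_days)
    return out

def patch_gaps(upstream_fixes, releases, lead_days=0):
    """Map fix id -> days from the upstream fix to the first downstream
    release that can contain it. None means the fix has not shipped yet,
    so the exposure window is still open. lead_days is an assumed
    merge/stabilisation cutoff before each release."""
    releases = sorted(releases)
    gaps = {}
    for fix_id, fixed_on in upstream_fixes.items():
        # First release dated on or after (fix date + cutoff).
        i = bisect_left(releases, fixed_on + timedelta(days=lead_days))
        gaps[fix_id] = (releases[i] - fixed_on).days if i < len(releases) else None
    return gaps

def median_gap(gaps):
    """Median over fixes that have shipped; None if nothing shipped."""
    shipped = [g for g in gaps.values() if g is not None]
    return median(shipped) if shipped else None

# Constructed sample data: dates on which upstream libraries published fixes.
UPSTREAM_FIXES = {
    "fix-A": date(2019, 7, 3),
    "fix-B": date(2019, 7, 19),
    "fix-C": date(2019, 8, 6),
    "fix-D": date(2019, 8, 28),
    "fix-E": date(2019, 9, 20),
}
START, END = date(2019, 7, 1), date(2019, 9, 30)
SIX_WEEKLY = release_schedule(START, END, 42)
TWO_WEEKLY = release_schedule(START, END, 14)

if __name__ == "__main__":
    for name, sched in (("6-week", SIX_WEEKLY), ("2-week", TWO_WEEKLY)):
        gaps = patch_gaps(UPSTREAM_FIXES, sched)
        print(name, "median gap:", median_gap(gaps), "days;", gaps)
    # A 7-day cutoff leaves the latest fix unshipped within the window.
    print(patch_gaps(UPSTREAM_FIXES, TWO_WEEKLY, lead_days=7))
```

Run against a project's own records, the `None` entries are the fixes that are public upstream but not yet delivered downstream.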

Since Chrome features a silent update mechanism that’s turned on by default for all users, in most cases, Chrome end users won’t have to take any action to receive the fixes.

Similar issues with “patch gapping” also impact Google’s second major software project, the Android OS, which also relies on a large number of open source components. However, delivering security updates for Android is … a mess, to put it mildly.

Credit: ZDNet

© 2019 NikolaNews.com - Global Tech Updates
