Being Googley: Is the Chrome Browser at Risk in Some SolarWinds?

April 15, 2022

I read “Google Issues Third Emergency Fix for Chrome This Year.” The main idea is that Google is pumping out software which appears to invite bad actors to a no-rules party. The article states:

The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi. It is the third such emergency update Google has had to issue for Chrome this year.

Yeah, the browser thing.

Several observations:

  1. If a wildly popular Google output cannot be made secure, what about the services and software which are less engineer “rich”?
  2. Does Google deserve the scrutiny that Microsoft and other alleged monopolies attracts? Google has been “off the radar” compared with other companies in the last couple of years it seems.
  3. What will bad actors do with the signal that three security updates have been issued, and we have not made it to the summer solstice? My thought is that computer science students in some Eastern European countries will be getting some new homework assignments.

Like other large companies, making any security issue public poses risks: There are stakeholders, there are legal eagles, and there are those fresh faced, motivated students in countries which crank out capable programmers and engineers. Some of these individuals may find that exploit creation provides a way to spin up some extra cash.

How many of these individuals are available on gig work sites? What information is flowing through private Telegram groups? The limping Dark Web still has some interesting for a too.

Net net: What Googley vulnerabilities exist which have not been disclosed? How many weak spots exist in the Google just waiting for a bright person to exploit? We know what the article reports, and that information begs more difficult questions.

Stephen E Arnold, April 15, 2022


Comments are closed.

  • Archives

  • Recent Posts

  • Meta