Get Information

Thank you for your interest. Please fill out the form below or call us at 800.921.2414 to request more information.
* required fields

Get Passages

Thanks for your interest in Passages. Once we receive your information, we will get back to you quickly.

* required field

Looking for Passages support? Access our knowledge base or submit a ticket.

Google Chrome Vulnerability Puts Many Users at Risk

Written by Lance Cottrell on 05/18 in Cyber SecurityIT ProfessionalsPassages • 0 Comments

A recently discovered vulnerability in the Chrome Browser on Windows could allow an attacker to capture user credentials and lead to additional levels of compromise.

The vulnerability clearly demonstrates the value of an isolation based approach to security. If the browser is running in a hardened, minimized, and separated environment, then the attacker can’t get access to the user’s credentials, which only exist outside the isolated environment.

Further, the vulnerability depends on the browser automatically downloading a dangerous file without the user’s involvement. An isolated browser has the ability to require user intervention before any file can make it to the computer’s real file system.

How to Protect Yourself

If you use Google Chrome on Microsoft Windows you have a couple of options to protect yourself from this vulnerability. First, you can switch to a different browser. Firefox and Internet Explorer are not vulnerable to this bug. You can also stop the automated downloads by changing your settings in Chrome. Under Settings, select “Show advanced settings” then check the box “Ask where to save each file.” With that setting checked you will be asked to manually specify where to save any download. That gives you the ability to reject any files you did not want or don’t recognize.

Of course, the Passages isolated browser would not have been vulnerable in the first place since this particular attack only works against Chrome on Windows, while Passages runs Firefox on a custom Linux. Nevertheless, even if the attack was effective on our browser and OS, it still would not have been able to reach the desktop, grab credentials, or do other damage.

    Share This Article

Download White Paper

Thanks for your interest in Passages. Your white paper will automatically download after you submit this form.

* required field