You are here: Blog Josh Coppage Why Shadow IT is Such a Big Deal

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

Is This Bug in Your System? Chances Are, It Was!

Voyage Technology Blog Alerts
0 Comments
Is This Bug in Your System? Chances Are, It Was!

Cybersecurity is challenging enough… you don’t need issues coming from one of your key applications. However, since a bug was found in some of the most popular Internet browsers today—potentially risking billions of people’s data security—you could very well see these kinds of issues. Let’s go over this vulnerability, and what you can do to address it.

Examining the Recent Chromium Bug

Google’s open-source platform, Chromium, has been used as the foundation for many current Internet browsers. That’s why browsers like Opera, Edge, and of course Google Chrome all share a lot of the same code in their makeup. That’s also why the presence of an exploitable vulnerability within Chromium’s code is a very bad thing.

The vulnerability in question could allow hackers to bypass any website’s Content Security Policy, thereby enabling them to run malicious code and/or steal data.

The Content Security Policy (CSP)

The CSP is an Internet standard meant to eliminate the threat of some cyberattacks and is currently used on most websites. Basically, this standard enabled website admins to identify the domains that a browser like Chrome or Opera will recognize as legitimate and block any scripts that haven’t been preloaded into the policy’s parameters.

How Hackers Can Use It

To make use of the CSP vulnerability, a hacker needs access to a web server. While they could accomplish this through assorted means, a brute-force attack is the most common method of gaining this access. Basically, by trying vast numbers of login credentials in rapid succession, the hacker can overcome a website’s protections. Once they’re in, the hacker can make amendments so that the CSP is bypassed and the code they’re implementing will work. While this vulnerability does require a successful hack to take place, it can still be very effective thanks to many websites sporting questionable security standards.

How to Secure Your Browser Against This CSP Vulnerability

Unfortunately, what we have here is a prime example of how even the most trusted software isn’t infallible, and how long security vulnerabilities can fly under the radar. Despite 5 billion downloads as of 2019, it still took over a year to catch this issue.

Fortunately, the issue has since been amended, so users of…

  • Chrome
  • Edge
  • Opera
  • Vivaldi

… and any other Chromium-based browser will want to update them to the latest versions to ensure that the vulnerability is successfully patched.

Maintaining your software, especially your browser and other Internet-facing applications, is a requirement if you want to stay safe online. For help in ensuring that your business has this taken care of, you can rely on Voyage Technology. Give our IT professionals a call at 800.618.9844.

Tweet
Tags:
Google Chrome Browser
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 26 December 2024

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Business Computing Data Productivity Business Software Innovation Hackers Cloud Network Security Hardware Internet Efficiency IT Support User Tips Malware Privacy Email Phishing Workplace Tips Google Computer IT Services Users Collaboration Mobile Device Hosted Solutions Quick Tips Ransomware Cybersecurity Small Business Workplace Strategy Microsoft Data Backup Communication Smartphone Business Management VoIP Smartphones Android Saving Money Mobile Devices communications Passwords Backup Data Recovery Managed Service Managed IT Services Social Media Microsoft Office Upgrade Browser Disaster Recovery Network Tech Term Remote Internet of Things Automation Artificial Intelligence Facebook Cloud Computing Covid-19 Miscellaneous Gadgets Remote Work Server Windows Managed Service Provider Current Events Information Productivity Outsourced IT Encryption Spam Holiday Employee/Employer Relationship AI Windows 10 Government Office Business Continuity Data Management Compliance Virtualization Blockchain Wi-Fi Training Business Technology Windows 10 Data Security Apps Two-factor Authentication Mobile Office Bandwidth App Employer-Employee Relationship Vendor Chrome Mobile Device Management Managed Services Budget Voice over Internet Protocol Gmail Apple Networking How To BDR BYOD Computing Applications Hacker Information Technology Avoiding Downtime Access Control Office 365 Tip of the week Conferencing WiFi Big Data Operating System HIPAA Router Computers Virtual Private Network Risk Management Health Website Help Desk Marketing Analytics Office Tips Augmented Reality Retail Storage Password Healthcare Bring Your Own Device Managed IT Services Cooperation Free Resource Project Management Windows 7 Social Going Green Patch Management Save Money Microsoft 365 Remote Monitoring End of Support Vulnerability Solutions Vendor Management Cybercrime Customer Service Display Printer Windows 11 Paperless Office Infrastructure Monitoring 2FA IT Support Excel Document Management Firewall Remote Workers Telephone Scam Data loss The Internet of Things Data Privacy Images 101 Robot Telephone System Multi-Factor Authentication Mobility Cost Management Settings Wireless Customer Relationship Management Printing Content Filtering IT Management Employees VPN YouTube Meetings Integration Physical Security Hacking Presentation Cryptocurrency User Tip Modem Mobile Security Computer Repair Processor Wireless Technology Holidays Virtual Desktop Data storage LiFi Data Storage Smart Technology Supply Chain Outlook Video Conferencing Managed Services Provider Word Machine Learning Saving Time Virtual Machines Money Professional Services Humor Managed IT Service Maintenance Antivirus Downloads Sports Safety Mouse iPhone Licensing Administration Entertainment Vulnerabilities Best Practice Alert Trends Supply Chain Management Dark Data Customer Resource management FinTech Regulations Managed IT Google Calendar Term Google Apps Buisness File Sharing IT solutions How To Data Analysis Star Wars IT Assessment Application Legal Microsoft Excel IT Maintenance Staff Value Business Intelligence Business Growth Notifications Gamification Flexibility Organization IBM Social Networking Legislation Shortcuts Travel Google Maps Cortana Fileless Malware Digital Security Cameras Smart Devices Techology Ransmoware Content Remote Working Wearable Technology Memory Vendors Alt Codes Health IT Motherboard Data Breach Comparison Google Play Be Proactive Downtime Unified Threat Management Permissions Workforce Hosted Solution Directions Videos Assessment Electronic Health Records Unified Threat Management Competition Wasting Time Threats Typing Network Congestion Trend Micro Specifications Security Cameras Workplace Strategies Fraud Meta Knowledge Microchip Internet Exlporer Software as a Service Google Drive User Error Username Managing Costs Amazon 5G eCommerce User Black Friday SSID Point of Sale Virtual Assistant Outsource IT Unified Communications Experience Database Surveillance Google Docs IT Technicians Virtual Machine Environment Bitcoin Network Management Media Running Cable Tech Support Monitors Proxy Server Reviews IP Address Cookies Google Wallet Cyber Monday Medical IT Hotspot Transportation Small Businesses Tactics Development Mirgation Hypervisor Displays Windows 8 Laptop Websites Shopping Nanotechnology Optimization Recovery Drones PowerPoint SharePoint Language Employer/Employee Relationships Outsourcing Electronic Medical Records Addiction Hard Drives Management PCI DSS Domains Chatbots Navigation Halloween Writing Gig Economy Screen Reader Lenovo Distributed Denial of Service Workplace Computing Infrastructure Teamwork Hiring/Firing Virtual Reality Service Level Agreement Internet Service Provider Refrigeration Regulations Compliance Public Speaking Identity Hacks Server Management Evernote Paperless Scary Stories Private Cloud Identity Theft Fun Bookmark Lithium-ion battery Smart Tech Memes Superfish Co-managed IT Alerts SQL Server Technology Care Entrepreneur Deep Learning Twitter Download Net Neutrality Financial Data History Business Communications Error Education Social Engineering Browsers Smartwatch Connectivity IT Break Fix Scams Azure Hybrid Work Remote Computing Upload Procurement Undo Social Network Telework Cyber security Mobile Computing Multi-Factor Security Tech Human Resources Tablet Search CES IoT Communitications Dark Web Cables

Blog Archive