CISA adds Google Chrome vulnerability to catalog; Commentary from Garrison Technology’s
May 2024 by Adam Maruyama, Field CTO, Garrison Technology
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. One of those affects Google Chrome: CVE-2024-4761. The commentary below is from Adam Maruyama, Field CTO, Garrison Technology. While his comments focus on the Google Chrome vulnerability, he can speak to the security impact of frequent vulnerabilities in browsers as a larger topic if needed.
“The recent addition of CVE-2024-4761 to CISA’s Known Exploited Vulnerabilities (KEV) catalog marks the fifth KEV this year against a software stack that is the backbone of more than 65% of browsers on the market (notably, Chrome and Edge). While Google’s prioritization of patches against such vulnerabilities is helpful to everyday users, the window between discovery of the vulnerability and a patch being developed (7 days in this case) and any further lag time between a patch being developed and deployed provides sophisticated attackers with a window of opportunity.
“During this window, an attacker could compromise highly-sensitive data like financial, medical, and personal information, or disrupt publicly-available services. Administrators of such systems should look at controls like robust browser isolation that can provide users with access to such data with a way to view publicly-facing websites without incurring the risks inherent to web code execution. In this way, administrators can mitigate the risk of browser vulnerabilities while ensuring users have continued access to the resources necessary to achieve business objectives.” - Adam Maruyama, Field CTO, Garrison Technology