Smile On Fridays secured coverage in Forbes for OneLogin
Update Google Chrome now, warn both Google and the Department of Homeland Security, as hackers already have attack exploit code for a high-severity, zero-day vulnerability.
Google has confirmed that it is aware of reports that a zero-day Chrome browser exploit exists in the wild. The Department of Homeland Security cybersecurity agency, CISA, has advised users to update now.
A zero-day vulnerability remains a relatively rare event in cybersecurity terms, and as such is both a valuable and dangerous thing in the hands of threat actors. The term relates to a vulnerability that is actively exploited by hackers before it has been discovered by either the product vendor or the threat intelligence community. Only at the point of discovery, day zero, can mitigation efforts begin. This leaves the threat window wide open, often for weeks or months, to the attackers with that head start. Chrome has been subject to more than a few zero-days across the last few months, it has to be said, but just how serious is this latest threat?