Security

Google Patches Browser, But Assures Security of Its OS

Not that Chrome OS deserves any more attention, given that it is currently just an over-hyped figment of Google's imagination. But this is irresistable. One business day after patching a critcal hole in Google Chrome, a news report surfaced where Google executives promised that its ChromeOS will be so secure, its users will think viruses are a thing of the past, reports a story today in the New Scientist:

"While further details on the Chrome OS are scant, Linus Upson, Google's engineering director, made one major promise: We are completely redesigning the underlying security architecture of the OS so users don't have to deal with viruses, malware and security updates. It should just work.'"

That's a big promise given that today's malware is written by brilliant and financially motivated bad guys. It gets even more incredulous given that Google's track record so far on security is mixed. In the cloud, the company does a seriously good job of protecting e-mail and defending its search results. And the browser patches itself, so it is true that when a hole is found, it is also fixed, without user intervention.

But holes are found on a regular basis. On Friday, for instance, Google released its 10th patch of the year for the browser, averaging more than one a month. This is no great improvement over Microsoft. Redmond has so far released three patches that fix 14 holes across multiple versions of its browser. Last week's Chrome hole was rated highly critical, too. It was caused from an error when processing regular expressions in JavaScript and can be exploited to corrupt memory which could potentially cause a heap-based buffer overflow, according to security research site Securnia. Done right, it could allow an attacker to execute code on a remote system. The patched version of Chrome is version 2.0.172.37.

The primary reason Google is able to claim security triumph as it patches critical holes is that virtually no one is using the browser, at least not for anything important like running their business. Until that day, the seriously smart, financially driven type of attacker that has made moosh-mash out of Microsoft's security is not going to bother with it. If the day comes when Google Chrome replaces Windows, you can believe that the malware guys and gals (not to mention the multi-billion industry designed to defend the enterprise) will be doing everything in their considerable power to maintain the status quo.

Subscribe to the Security Watch Newsletter

Comments