This week, the Center for Internet Security’s Multi-State Information Sharing and Analysis Center issued an advisory that cited multiple vulnerabilities in Google Chrome. This is important, as Google Chrome is a commonly used web browser that enables access to the Internet.
The vulnerabilities (for versions prior to 89.0.4389.128) could allow for arbitrary code execution, which might enable an attacker to view, change, or delete data. As a result, the Center for Internet Security classified these vulnerabilities as HIGH RISK for Small Businesses and certain other organizations. Meanwhile, Google issued a new version of the Chrome browser containing several security fixes.
Here is how to check your version of Chrome Browser. Click on the 3 dots menu icon on the top right of your Chrome browser window, under the “Close” X). Then choose Settings. In Settings, click on the last item on the bottom left, About Chrome. The information about your browser will be displayed then.
As a managed IT security provider, powersolution’s recommendations are consistent with those issued by the Center for Internet Security. These recommendations should be implemented by qualified IT personnel, with support and oversight by small business owners and managers.
- Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services. The Principle of Least Privilege (PoLP) refers to giving a computer user the minimum level of access (or permissions) needed to perform his/her job functions.
If you are not sure about your organization’s state of IT security, get a FREE Consultation related to implementing a secure IT environment: