Google Chrome has Fallen!
As you may have heard, the Chrome browser has been compromised at Pwn2Own this year. When it happened I swear I felt the earth shake just a bit :-)
But seriously why is this such big news, that everyone (including myself) are writing about it, who knows??. But I suspect, often we seem to work ourselves into a frenzy because we’ve placed an object (in this case Google Chrome) on a high pedestal. Why? Simply because we can, and this is the first time Chrome was compromised in the 5 years Pwn2Own has existed. With such a good track record most believed Chrome was invincible. But why, Chrome is software written by humans who are fallible; we make mistakes.
We should know better, nothing is invincible. Vendors can play marketing games and toot their horns, but the honest truth no vendor will ever say in your face, all software is fallible, and I would think, after so many years we would finally have figured it out on our own, (marketing hype aside) and set realistic expectations and processes in place to mitigate security risks.
Fortunately Chrome has already patched some of the exploits recently announced. And that is great, but what worries me are the other unknown zero day exploits currently compromising our machines we don’t even know about. So how do we protect ourselves; I think the best answer is common sense. No really common sense. If you visit sites with questionable content you’re asking for trouble. If you don’t utilize sensible best practices to keep your identity secure, or don’t care about proper password etiquette then no security tools can help you. Doesn’t matter how you cut it, everything comes back to the user. Unfortunately, the user is always the weakest link in the chain.