Google announces zero-day in Chrome browser – update now!

From nakedsecurity.sophos.com

n the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers.

Remember that a zero-day exploit is a security bypass, typically one that allows Bad Guys to break in and run or implant software of their own choosing, that was discovered and abused by the attackers before the Good Guys found and fixed it.

In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone – and you have to hope that it wasn’t you! – has already been attacked and pwned, even if they’re accustomed to patching promptly themselves.

Simply put, the zero part of the jargon means that there were zero days during which you could have been patched proactively, no matter how hard you tried, because the attackers got there first.

Annoyingly, but perhaps understandingly, both Apple and Adobe made only the briefest of admissions about the zero-days they fixed.

Read more…