
Chrome has a security problem — here’s how Google is fixing it


Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.


The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

As of Wednesday, the brand has rolled out Google Chrome 116, which includes the new schedule. Chrome's security updates, previously bi-weekly, will now ship weekly.

With the open-source nature of Chromium, anyone is able to access the Chrome browser source code, “submit changes for review, and see the changes made by anyone else, even security bug fixes,” Google said on its security blog.

Typically, community members from Google’s Canary and Beta channels notify the brand of various issues of stability, compatibility, or performance that can be addressed before stable updates are sent to the public. This openness is double-edged, however: bad actors have the same access as good-faith users, giving them real-time details on vulnerabilities before updates are deployed to a wide range of public users. Taking advantage of such a flaw is called n-day exploitation.

This is why Google hopes shortening the time between security updates can assist in deterring nefarious users from gaining information about vulnerabilities in Chromium code. Usually, the time between security updates is used for testing prior to a public release. Google first observed this to be an issue in 2020 when its patch gap between updates was approximately 35 days. It then shifted to a biweekly update schedule with the release of Chrome 77.

The brand noted this latest schedule still won’t deter all n-day exploits but can minimize them further. In practice, more frequent security updates offer less time for bad actors to exploit flaws that require detailed paths and more development time. Over time, there is also the likelihood that bad actors will find ways to create faster exploits.

There is also the possibility that the interval between security updates could eventually be shortened even further, with patches being deployed as soon as they’re available.

Google stated it now tackles “all critical and high severity bugs as if they will be exploited.”

Even so, the brand has come to see n-day exploits as just as dangerous as zero-day exploits, which are vulnerabilities that were previously unknown and therefore unaddressed with a patch or update.

Google also recently announced its plans to enable separate Chrome browser support for ChromeOS as of the ChromeOS 116 release. This update would especially benefit Chromebooks, extending the life of the netbooks far beyond their typical software lifespan. The ChromeOS 116 release is scheduled for August 22.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…