Web-based attacks are one of the key methods employed by cybercriminals to cause damage to individuals and organisations. Keeping your web browser up-to-date will help to protect you from cyber-attack.
Cybercriminals seek to exploit the weaknesses they find in software, and software vendors – such as Microsoft, Google and Adobe – work to identify and close gaps in the security of their products. It’s a constant game of cat and mouse, and it’s one that can have significant consequences for users. This blog post explains the importance of updating your web browser as and when the vendor issues security patches.
How Web Browsers Are Exploited
A web browser is one of the primary means by which a user accesses the ‘wider world’ outside their local network. As windows to the outside world, web browsers are often seen as a primary access point for cybercriminals to a user’s private network.
A recent example of a web browser exploit involved a browser implementation error that facilitated man-in-the-middle attacks, which could put sensitive information at risk of interception.
A man-in-the-middle attack is an attack in which a communication between two parties is secretly intercepted – and possibly altered – by an attacker.
A recent CERT (Computer Emergency Response Team) Vulnerability Note explained that cookies – messages sent from website servers to web browsers – could allow attackers to bypass secure HTTPS connections and access private session information.
HTTPS, also known as HTTP Secure, utilises encryption to prevent people eavesdropping on your private information. HTTPS is widely used across the Internet for financial payments and other activities that involve personal data.
The exploit was made possible because web browsers did not check the source of HTTPS cookies. This allowed attackers to plant HTTPS cookies that would override genuine cookies, giving them access to HTTPS content such as – for example – bank balances or jobsite profiles.
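The cookie override described above can be modelled with a toy cookie jar. This is an added example, not code from the original post or from any browser; the function names, cookie values and the `strictSecure` check (one possible browser-side check) are assumptions made for illustration.

```javascript
// Toy model of a browser cookie jar (added illustration, not real browser code).
// Cookies are keyed by name only, for a single constructed host.

// strictSecure = false models the behaviour described above: the browser does
// not check whether a cookie arrived over HTTP or HTTPS before storing it.
// strictSecure = true models an assumed check: a response received over plain
// HTTP may neither set a Secure cookie nor replace an existing one.
function createJar(strictSecure) {
  return { strictSecure, cookies: new Map() };
}

// Store a cookie from a response received over `scheme` ("http" or "https").
// Returns true if the jar accepted it.
function setCookie(jar, scheme, name, value, secure) {
  const existing = jar.cookies.get(name);
  if (jar.strictSecure && scheme !== "https") {
    if (secure) return false;                       // HTTP cannot create Secure cookies
    if (existing && existing.secure) return false;  // HTTP cannot shadow a Secure cookie
  }
  jar.cookies.set(name, { value, secure, setOver: scheme });
  return true;
}

// Build the Cookie header for a request; Secure cookies go only over HTTPS.
function cookieHeader(jar, scheme) {
  const parts = [];
  for (const [name, c] of jar.cookies) {
    if (c.secure && scheme !== "https") continue;
    parts.push(`${name}=${c.value}`);
  }
  return parts.join("; ");
}

// Constructed scenario: the site sets a session cookie over HTTPS, then a
// tampered plain-HTTP response for the same host tries to replace it.
function scenario(strictSecure) {
  const jar = createJar(strictSecure);
  setCookie(jar, "https", "session", "genuine-value", true);
  const accepted = setCookie(jar, "http", "session", "planted-value", false);
  return { accepted, sentOverHttps: cookieHeader(jar, "https") };
}

console.log("without source check:", scenario(false));
console.log("with source check:   ", scenario(true));
```

Without the check, the value planted over HTTP is what the browser later sends on the HTTPS connection; with it, the genuine cookie survives.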
How to Protect Yourself
As a user and not a developer, you are very much in the hands of Google, Mozilla, Microsoft, or whoever maintains your web browser of choice. However, this makes the steps you need to take to protect yourself simple: ensure that your web browser is up-to-date and running at the latest version.
After the HTTPS cookie vulnerability discussed above was first uncovered in a paper published at the 24th USENIX Security Symposium, browser vendors issued updates that provided a workaround for the problem. This is an example of a vulnerability being recognised and addressed; users who have updated their browser will be protected, whereas anyone continuing to use older browser versions will still be vulnerable.
Your web browser presents a potential security weakness, and this blog post has provided an example of where outdated web browser versions can put your confidential information at risk. If you are running an old web browser version, update it! As vendors issue patches and updates that address security issues, we as users should make sure to keep up-to-date with them in order to mitigate the risk of attack.