Google Chrome Patch Gap down to 15 Days from 33 Days

Google has done a great job bringing the patch gap down to 15 days from 33 days. They also want to bring this number down further to once a week. Their goal is to quickly roll out patches for vulnerabilities. 

In 2019, security researchers from Exodus Intelligence have noted that on two occasions Google Chrome’s large patch gap can be exploited by attackers.

First in April, and then in September, Exodus researchers developed a proof-of-concept exploit code for security bugs fixed in the V8 JavaScript engine that had yet to make their way downstream into the Chrome code base.

GOOGLE Chrome is doing something about it.

Google Chrome users have some good news and the Exodus team’s research on the topic and subsequent warnings did not go noticed by Google Chrome Security team.

In Google Chrome’s recently published quarterly security summary for Q4 2019, the Google engineers said they have been hard at work to reduce Chrome’s patch gap.

“We now make regular refresh releases every two weeks, containing the latest severe security fixes,” said Andrew R. Whalley, a member of the Chrome Security team.

“This has brought down the median ‘patch gap’ from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it,” he said.


Results

Now because they also mentioned that they wanted to bring this number down further to once a week we would think that Google Chrome would be the more secure browser from other competition. Their goal is to quickly roll out patches for vulnerabilities. 

Leave a Reply