Google is reducing the patch gap for Chromium, the open-sourced project which powers Chrome and other browsers. Under the new schedule updates will be rolled out on a weekly basis, instead of the earlier bi-weekly basis. The move will reduce the gap between updates, thereby reducing the time within which they can be exploited by threat actors.
The new schedule will start with Google Chrome 116, the company shared in a blog post.
The Chromium open-source project allows anyone to view its source code and scrutinize developer discussions, updates, and fixes made by contributors in real-time. These fixes are then added to Chrome releases and checked for stability before being sent out as a stable release.
However, this transparency is used by threat actors to identify flaws, before fixes are sent to the users, and launch cyber-attacks.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Google has been aware of this problem for some time. The company, in 2020, reduced the average time between patches from 35 days to bi-weekly updates to reduce the risk of threat actors exploiting n-day exploits. And while this may not be a fool-proof method to end the use of n-day exploits, it will reduce the time threat actors have to exploit flaws.
The increase in update frequency builds up the security of Chromium-based browsers, the Android ecosystem is much harder for Google to control. Security fixes and updates on Android depend on the rollout of fixes software by manufacturers, which can take months, allowing threat actors to exploit bugs.
