Today’s browser is smarter and more complex than ever before. While it has been key to enabling a distributed workforce and the widespread adoption of SaaS applications, it also increases risks, specifically in the form of browser exploits in which attackers find ways to exploit the browser and manipulate end-users. As attackers move from targeting operating systems to targeting the browser, which today is the gateway for the many SaaS applications that hold sensitive corporate data, security leaders need to understand and monitor this threat, and apply solutions accordingly.
What is a browser exploit?
Browser exploits are code that allows attackers to abuse flaws and vulnerabilities in browsers, their extensions or websites. When a browser that contains a flaw loads a malicious website, the attacker is able to take control of the browser and sometimes the entire endpoint. In addition, endpoint malware targets the browser, stealing credentials like passwords and access tokens, delivering ransomware attacks and gaining access to sensitive data.
As browsers have become both more advanced and an entry point to the corporate environment, the number and variety of these vulnerabilities have increased. Today the browser is the most vulnerable application by number of CVEs. And while this is most likely a sign that there are plenty of dedicated individuals and teams working to identify and solve for these browser exploits, it also clearly demonstrates the scale of the problem and the massive increase in opportunities for cyber criminals.
The most common browser attacks
Usually, browser attacks do one or more of three things: 1. exploit vulnerabilities in the browser itself, 2. abuse legitimate browser functions such as password saving or activity monitoring, and 3. redirect users to malicious or phishing websites and trick them into entering sensitive data.
Some examples include:
Zero-day Browser Exploits in the Wild
Zero-day attacks have received a lot of attention, even in relatively mainstream media. For good reason: most users and endpoints are not secured against them, and these attacks can often circumvent standard security mechanisms. According to Google, the industry has seen a large uptick in in-the-wild zero-day attacks this year (2021). In 2021, billions of users were urged to update their browsers twice within a month because of these. With the browser becoming a lucrative target, we expect this trend to become even more prevalent among attackers.
Browser Extension Attacks
Browser extensions often have powerful permissions and are able to monitor user data and even inject scripts into visited websites. Malicious browser extensions infect millions of users across the world. What makes them both interesting and daunting is that they hide in plain sight. Many extensions have been downloaded in good faith and/or have many permissions, without the user being aware of their malicious capabilities.
Google and other browser vendors remove such malicious extensions on a daily basis, but threat actors continue to find unique ways to inject code into workstations. While statistics are unavailable, industry experts agree that this is a troubling and growing threat.
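To make the point about powerful extension permissions concrete, here is an added example (not part of the original article or of any product it mentions) that audits an extension's manifest.json for access to every site and for permissions that expose browsing data. The permission names are real Chrome extension API names; the two sample manifests and the function name audit_manifest are constructed for illustration.

```python
import json

# Chrome extension API permissions that expose browsing data or allow page tampering.
SENSITIVE = {
    "cookies": "read and write cookies, including session tokens",
    "webRequest": "observe network requests",
    "tabs": "read URLs and titles of open tabs",
    "history": "read browsing history",
    "scripting": "inject scripts into pages",
    "debugger": "attach the debugger protocol to tabs",
    "nativeMessaging": "exchange messages with native programs",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (V2 or V3)."""
    declared = [p for key in ("permissions", "optional_permissions")
                for p in manifest.get(key, []) if isinstance(p, str)]
    # Manifest V3 lists hosts separately; Manifest V2 mixes them into permissions.
    hosts = list(manifest.get("host_permissions", [])) + declared
    findings = {f"permission {p}: {SENSITIVE[p]}" for p in declared if p in SENSITIVE}
    findings |= {f"host access {h}: applies to every site" for h in hosts if h in BROAD_HOSTS}
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS.intersection(script.get("matches", [])):
            files = ", ".join(script.get("js", [])) or "(css only)"
            findings.add(f"content script {files}: injected into every site")
    return sorted(findings)


# Constructed sample manifests, not taken from any real extension.
SAMPLE_BROAD = json.loads("""{
  "manifest_version": 3, "name": "Constructed Helper",
  "permissions": ["cookies", "tabs", "storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]
}""")
SAMPLE_NARROW = json.loads("""{
  "manifest_version": 3, "name": "Constructed Notes",
  "permissions": ["storage"],
  "host_permissions": ["https://intranet.example/*"],
  "content_scripts": [{"matches": ["https://intranet.example/*"], "js": ["page.js"]}]
}""")

if __name__ == "__main__":
    for manifest in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(manifest["name"], audit_manifest(manifest) or "no broad access found")
```

A finding is a prompt for review rather than proof of malice: many legitimate extensions need broad access, which is why malicious ones can hide in plain sight.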
A man-in-the-browser (MITB) attack uses a Trojan to infect the victim’s browser and modify information as it is exchanged between the browser interface and the internet. The malware interposes itself between the web application and the user’s browser, capturing and relaying sensitive information to the hacker as the user interacts as normal. This is different to other web attacks in which a user is redirected to a malicious URL. MITB attacks can also modify how a webpage appears, injecting form fields to capture additional information. With 60% of internet users reusing passwords across multiple accounts, attackers can quickly gain significant amounts of data and gain entry to corporate and other networks. MITB attacks are among the most widely used methods available to cybercriminals, with some estimating that 35% of incidents in which cyber weaknesses have been exploited involve MITM attacks.
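One defensive check for the form-field injection described above, as an added example that is not from the original article: compare the form fields in the HTML the server sent with those found in a snapshot of the DOM the browser actually rendered. It assumes such a snapshot is available (for instance, reported by a page-integrity script); the sample HTML, field names and function names are constructed.

```python
from html.parser import HTMLParser


class FormFieldCollector(HTMLParser):
    """Collect (form action, field name, field kind) for each input-like element."""

    def __init__(self):
        super().__init__()
        self.action = "(no form)"
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action = attrs.get("action") or "(same page)"
        elif tag in ("input", "select", "textarea"):
            name = attrs.get("name") or attrs.get("id") or "(unnamed)"
            kind = (attrs.get("type") or "text") if tag == "input" else tag
            self.fields.add((self.action, name, kind))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = "(no form)"


def form_fields(html):
    collector = FormFieldCollector()
    collector.feed(html)
    return collector.fields


def injected_fields(served_html, rendered_html):
    """Fields present in the rendered DOM but absent from what the server sent."""
    return sorted(form_fields(rendered_html) - form_fields(served_html))


# Constructed sample: the page as served, and a DOM snapshot with one extra field.
SERVED = """<form action="/login" method="post">
<input name="username" type="text">
<input name="password" type="password">
</form>"""
RENDERED = SERVED.replace(
    "</form>", '<input name="card_pin" type="password">\n</form>')

if __name__ == "__main__":
    for action, name, kind in injected_fields(SERVED, RENDERED):
        print(f"unexpected field {name!r} ({kind}) in form {action}")
```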
Protecting your frontier
While there’s an instinctive sense that the browser is protected, a combination of user error and previously unidentified vulnerabilities offers significant opportunities to cyber attackers. But it’s also an opportunity to benefit from a single point to identify, monitor and prevent these attacks. By building your security into the browser, you create an environment in which you have complete visibility and significant control, making it the ideal place to deploy your security.
When we created TalonWork, a secure, Chromium-based browser designed to offer a new cybersecurity approach for the distributed workforce, we realised that we could place virtual sentinels within the browser. By operating in a distributed manner inside the browser, we can achieve complete visibility without the need to redirect traffic to data centres and complex IT infrastructure. This not only improves the user experience and ensures lower latency, but also reduces the operational effort and the overhead cost because there’s no need to maintain infrastructure to redirect or tap into the network traffic.