Named a Visionary in Gartner Magic Quadrant for Secure Web Gateways (SWG)

Back to blog

Remote browser isolation—creating a patch buffer

Share this article

The year 2020 was a very tough one for enterprises for many reasons. Perhaps one of the biggest reasons was that COVID-19 forced businesses and other organizations to make an almost overnight transition to remote work. On the other hand, cyber attackers had a great year. Remote work and the shift to the cloud have resulted in a greatly increased attack surface area that attackers have capitalized on.

In 2020 we saw a resurgence of ransomware attacks, increase credential phishing campaigns and new and novel attacks targeting cloud assets and resources. Browsers have become even more powerful and are increasingly being used to access new applications and cloud resources, which also increases their importance in cybersecurity.

While we continue to see new and novel types of attacks, one attack technique that has persisted is the use of web browser exploits to compromise endpoint systems. While we do not see a lot of exploit kits these days, we are seeing more sophisticated attackers that continue to use this infection vector by developing zero days.

The following table provides a list of all the zero days that attackers actively exploited in the wild throughout 2020. As the table below shows, there is a shift in trend with attackers developing more zero days for Chrome. This is primarily due to two reasons:

    • Chrome has the largest market share, so it’s natural that attackers go after it
    • Starting January 2020, Microsoft’s Edge browser became based on Chromium. Developing an exploit for Chrome now gives the attackers a much larger attack surface to go after.

  CVE ID

Targeted Browser

In the Wild Exploitation

  CVE-2020-16009ChromeYes
  CVE-2020-16013ChromeYes
  CVE-2020-15999Chrome on WindowsYes
  CVE-2020-16017Chrome on AndroidYes
  CVE-2020-6819FirefoxYes
  CVE-2020-6820FirefoxYes
  CVE-2019-17026 (Fixed in 2020)FirefoxYes
  CVE-2020-0674Internet ExplorerYes
  CVE-2020-1380Internet ExplorerYes
  CVE-2020-16044FirefoxTBD

After Google fixed five flaws in Chrome in a span of a month, we published a blog that showed a significant number of customers were still running old versions of the browser.

In this blog we are providing insights into patch lag – the time taken by enterprises to patch their browsers.

Looking at the Chrome browser update cycle across our global customer base, we can see this patch lag. The following image is data collected from our global platform across four months, November 2020 through February 2021. It clearly shows the adoption of Chrome updates after they are released. For context the following are the release dates of the Chrome versions in the chart below:

    • Chrome 88: January 19, 2021
    • Chrome 87: November 17, 2020
    • Chrome 86: October 6, 2020
  • ChromeUpdateTrendGraph_01

From the graph, we can see that while Chrome 87 was released on November 17, it took at least a month for customers to start updating their browsers. December was when Chrome 87 saw adoption rates of close to 84 percent. We see the same trend going into January 2021. Chrome 88 was released on January 19, 2021, and we are now seeing a considerable increase in Chrome updates. This quicker adoption for Chrome 88 might be attributed to the recent SolarWinds breach, with customers being more vigilant with updates.

We noticed that across our customer base, there were some early adopters of these updates and they are consistent in their patching cycle. The same set of customers who were early adopters of Chrome 87, also updated quickly to Chrome 88.

Across our global customer base, we saw that the following verticals were early adopters of browser updates:

    • Finance and Banking
    • Government
    • Construction
    • Oil and Gas

 North America and Singapore were the regions that had the most customers updating as soon as the patch was released.

Patch Buffer Protection

The need to protect the customer before and after a patch is released is critically

important. That’s where Menlo’s cloud security platform with Isolation Core solution fits in. Rather than relying on each customer to install patches immediately, the patch buffer provided by the platform significantly mitigates the web exploit class of attacks by providing organizations with the time they need to implement patches across multiple types of devices so users can stay safe and work without worry. Menlo’s cloud security platform with and Isolation Core protects customers by providing that patch buffer.

If you’re looking for more information about threats and vulnerabilities, be sure to read our Menlo Labs blogs. While you’re there, sign up for email updates. You can also hear about what to watch out for in 2021—watch our webinar “The Good, the Bad, and the Ugly: How Security Will Change in 2021” to learn how you can protect your users, data, applications, and systems from increasingly sophisticated threats.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.