Web browsers are found on every modern computer, tablet and smartphone. They enable easy browsing of online websites, access to software-as-a-service platforms, and perform many more tasks that are part of the daily routine of Internet users. Because of their ubiquity however, browsers are an easy target for hackers looking to gain access to your network. Malicious actors know that many devices have multiple browsers, some of which may be out of date, and that end-users often neglect browser security.
It has been found that a quarter of all Windows devices run old, sometimes unsupported versions of Internet Explorer, and only 66% of Firefox users are running the latest version. Even Chrome, which automatically updates on restart, is not immune to this issue: 59% of Android devices have found to be running out of date versions of Chrome, likely due to phones and tablets not being regularly restarted.
In addition to the browsers themselves, two of the most used browser plugins, Flash and Java, are a huge source of known vulnerabilities, and attacks on these plugins are very common. In 2015, Flash was found to be the most commonly exploited product, and in 2017 six of the top ten exploits affected Flash. This has led some browsers to block the plugin by default or only allow it with permission, but Windows users and those running old versions of Internet Explorer are still vulnerable. In addition, if individual employees fail to regularly restart their browser or delay updates when they are released, they will pose a risk to an entire network.
As these facts make clear, keeping browsers and associated plugins including Java and Flash updated is imperative, and is the only way to fully protect against known vulnerabilities. However, when dealing with remote employees, multiple browsers versions, and different operating systems, it can be difficult to enforce best practices for updates.
Individual employees often download preferred browsers without informing IT departments, and may delay or put off updates altogether. In order to gain visibility into what browsers are being utilized and ensure that patches are applied immediately, IT departments must employ a singular solution which can remotely monitor browser patch status and deploy updates automatically.
The simplest way to keep browsers updated is by using a cloud based patching solution such as Automox. Using a lightweight agent which can be easily installed on every device in your infrastructure, Automox immediately provides IT departments with an overview of what browsers and software are present, and which are in need of updating. Necessary updates to browsers and other systems can be applied automatically across all devices, or rules can be set that dictate which patches are applied automatically and which need to wait for IT approval. In addition, patches and updates are enforced so that employees can only delay updates for a set number of times.
Known vulnerabilities in common applications such as web browsers are often quickly exploited, and pose a significant security risk. Your ability to quickly and effectively apply patches to different operating systems and software applications is the best way to improve your cyber hygiene and reduce your attack surface. Automox patches Windows, Mac, and Linux devices, as well as the most popular third party applications, from a single dashboard. Automox natively patches Firefox and Google Chrome, and also updates Flash and Java so IT managers can be confident that the most vulnerable browsers and plugins are always up-to-date and secure. To see for yourself, sign up for our free 15-day trial. You’ll get full platform access with no endpoint limit and no credit card required.