Your Browser Wears No Clothes: Why Fully Patched Browsers Remain Vulnerable
As users of technology, it has been taught that the Internet is not always a safe place but that it can protect ourselves by patching and hardening systems. While patch management and system hardening have long been the basics for enterprise security, shifts in technology and attack patterns are changing the rules. Off late, it is not just possible, but common for a user with a fully secured machine to become compromised. At times, this occurs due to increasingly sophisticated social engineering attacks or newly discovered (so called zero-day) vulnerabilities. However, it is increasingly resulting from exploitation, which does not target a specific vulnerability on an individual platform, but instead is abusing the functionality and structure of the Internet itself.