Your organization's web browser is essentially your operating system for the cloud. Secure it appropriately. Credit: FeelPic / Mustafa Hacalaki / Getty Images Browsers. You can’t use the Internet without them, but they introduce insecurity and instability to the computing environment. Browsers are the operating system of cloud computing and protecting them will become more and more important.Just last week, Google came out with patches to fix zero-day vulnerabilities with Chrome. As Kaspersky noted in its blog, “The attack leverages a waterhole-style injection on a Korean-language news portal. A malicious JavaScript code was inserted in the main page, which in turn loads a profiling script from a remote site.” The attack determined what browser version and operating system the victim is running. Like many attacks, the goal was to gain persistence on the computer. In this case the malware installs tasks in Windows Task Scheduler.Both the new Microsoft browser, based on Edge, and the existing Chrome browser will suffer from increasing targeted attacks and zero-day vulnerabilities. You need to look at your user base and determine if their roles and actions put them at increased risks. For highly sensitive machines, you might want to take drastic actions and lock down the browser. Actions to take include disabling JavaScript in a browser or considering plug-ins and browser scanning tools to help you keep your user base safe.How to disable JavaScript in a browserTo disable JavaScript in Chrome, select Menu (the three vertical dots on the far upper right of the browser) -> Settings -> Advanced -> Privacy and Security -> Site Settings. Under “Permissions” look for “JavaScript”. Toggle the setting to “Blocked”. So many websites use JavaScript that you might find this option too extreme. A wiser approach in a risky environment is to identify those sites for which you must have JavaScript and then only allow JavaScript to run on those websites. You can add those sites in the exception section by clicking on “Add” in the “Allowed” section. Add the URL of the website in the field. Then set the behavior to “Block” or “Allow”. You can even block partial sections of websites. Susan BradleyAdd JavaScript exceptionsYou can also add the Smart Screen technology via a browser extension from Microsoft to Chrome to prescan sites for JavaScript. Susan BradleyAdd the Smart Screen technology to ChromeThe extension allows users to report suspicious sites. Susan BradleyThe extension allows users to report suspicous websitesKeep browsers patched and up to dateSince recent versions of Chrome now support site isolation, it’s imperative that you keep any and all browsers installed on any device (desktops, phones, tablets) up to date and patched not only to ensure you have all security fixes, but that you receive new protection technologies. Even Microsoft is jumping on the Chrome bandwagon and basing its new Edge browser on the Chrome engine. Microsoft just made announcements at its Ignite conference regarding new logos and new plans as it attempts to reboot it’s beleaguered browser known as Edge.Microsoft is announcing that Edge is ready for business evaluation and is urging administrators to download and test it. The new browser has Group Policy templates that are separate and distinct from the older Edge Group Policy settings. They allow you to control various settings such as:CastContent settingsDefault search providerExtensionsHTTP authenticationNative MessagingPassword manager and protectionPrintingProxy serverSmartScreen settingsFor updating purposes, you will be able to control applications and preferences, and you will be able to set a proxy server with Group Policy settings. Edge will be able to update independently from the operating system, thus giving administrators more flexibility. Bottom line if your firm still relies on Internet Explorer enterprise mode to handle internal corporate websites, it’s time to test Edge based on Chrome. Consider browsers as a platform that you need to protect and defend as much as the operating system itself.Don’t forget to sign up for TechTalk from IDG the new YouTube channel for tech news of the day. Related content news Top cybersecurity product news of the week New product and service announcements from Conatix, Tanium, Cisco AppDynamics and Miggo. By CSO staff Apr 19, 2024 79 mins Generative AI Security news analysis Cisco fixes vulnerabilities in Integrated Management Controller Cisco fixes high-risk flaws in the out-of-band management controller of multiple products By Lucian Constantin Apr 18, 2024 4 mins Threat and Vulnerability Management Vulnerabilities news UK law enforcement busts online phishing marketplace The coordinated takedown has infiltrated the fraud service and made several arrests based on data found on the platform. By Shweta Sharma Apr 18, 2024 4 mins Phishing Legal news Consolidation blamed for Change Healthcare ransomware attack United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused. By John Leyden Apr 18, 2024 5 mins Ransomware Cyberattacks PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe