I would like to know what security challenges you will face in short term if you keep using Chrome after it drops updates for Win7? I know any kind of problem and error may surface, but are there any serious threats based on the recent situation in short term if I have a Virus Scanner and a Firewall?
In the short term, and in my above average computer expert opinion, nothing. Nothing at all.
In the long term you will be vulnerable to any unpatched CVE or vulnerability known or otherwise that the browser will be fixed for with newer versions. Anti-virus or not, the browser is the vector for execution of some hack attempt or what ever.
You can try Firefox or install Tiny10.
Read my post here: Google Chrome support ends for Windows 7 and 8.1 in early 2023
Not really. There's a whole host of things you need to learn about when it comes to cybersecurity. In one example a malicious hacker could hack the server hosting that otherwise benign website with malicious Java Script. If the browser was patched for this but your version doesn't have the patch then of course your targeted.
Even online Ads can be laced with malicious code.
There's a lot one may not know of. Not just with a browser but with a whole host of other things. Bottom line, if you don't know how to patch code in a browser, then it's a safe bet you don't know much about the cybersecurity landscape and all the risks that are out there running unpatched code, i.e in a browser.
- - - Updated - - -
I'm sure in the near future if not now Firefox too will require Windows 10 and above. It's just the way it is and how code changes. It's why no one can run Windows 98se now and not have to hack the crap out of everything just to have a working OS.
Long story short, if you're a computer expert you can keep using Windows 7 with older browsers (I still have XP with ArcticFoxie's 360 Chrome 13, no antivirus, no updates, no problems).
If you're a novice to intermediate user you need to use an OS and browser that continue to receive security updates.
Since a common attack vector involve bugs in the browser that goes along the lines of "infected JS code is injected, executed on the site, causes the infection to break out of the sandbox of the browser engine and then allow execution of malicious code on the machine", I would approach this as follows:
1. Use adblock (Ublock Origin) and Scriptblock (NoScript) together with other security/privacy addons (PrivacyBadger etc).
2. Sandbox the browser by running it in an isolated sandbox (Sandboxie et al).
3. Use a Linux VM for browsing instead of Windows.
I don't believe in the simplistic "update everything daily" approach when there's one zero-day exploit after another. It is like trying to avoid corrosion by washing away the saltwater daily rather than use anti-corrosion paint et al.
What I am doing myself is to set up a VM running Ubuntu MATE, which will be the main "Internet machine" in order to protect my two Windows installations (7 and 10) from this kind of issues as an extra layer of security.
The most important thing is to always run the browser in some kind of sandbox or even a VM (under a different OS) besides using proper add-ons since the most common vector will be destructive scripts that use different bugs to "break out of the sandbox" (modern browsers do have their rendering engines sandboxed but it's necessary to have another layer around the browser itself, be it a sandbox like Sandboxie or even a VM).
Blocking ads and scripts are the most important things to do and also to have a dedicated browser for things like banking (a browser that is ONLY used for those kind of purposes).
So far, adblock, adblock over DNS, scriptblock etc have worked brilliantly over the years. The biggest security threat is all this propaganda in mainstream media about "you are safe when you update" since another zero-day exploit just nullifies all "updating". It just doesn't matter if you are updating until you are blue in your face when another of those issues land and is being exploited.
Better to simply consider a browser to be "potentially unsafe" and use a condom (sandbox it, run a Linux VM for browsing etc). Running a "different OS" for Internet activities is what I would consider the safest approach in order to "shield" the host OS from browser/online related threats.
My exact same sentiments. And for some reason, you kinda look like me. LOL
I used to swear by NoScript in the past, and it does do a marvelous job, but over the course of time I found it to break too many websites even if I allowed top 2nd level domains. It's just today websites are choke full of JS so NoScript becomes too cumbersome to deal with. Today I do use the aforementioned Sandboxie Classic. That way hopefully nothing jumps the sandbox if it is malicious. But as we know, with security comes cumbersomeness... and know how.
Quote