
Google rushes out fix for zero‑day vulnerability in Chrome

April 22, 2021

The update patches a total of seven security flaws in the desktop versions of the popular web browser

Google has released an update for its Chrome web browser that fixes a range of security flaws, including a zero-day vulnerability that’s known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” said Google about the newly disclosed zero-day vulnerability, which stems from a type confusion bug in the V8 JavaScript engine that’s used in Chrome and other Chromium-based web browsers.

Beyond the zero-day flaw, the new release fixes six other security loopholes, with Google specifically listing four high-severity vulnerabilities where fixes were contributed by external researchers. The first, listed as CVE-2021-21222, also affects the V8 engine, though this time it’s a heap buffer-overflow bug.

The second flaw, tracked as CVE-2021-21225, also resides in the V8 component and manifests as an out-of-bounds memory access bug. As for CVE-2021-21223, it affects Mojo as an integer overflow bug. The fourth high-severity vulnerability, labeled CVE-2021-21226, is a use-after-free flaw found in Chrome’s navigation.


“Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data,” warned the Center for Internet Security.

As is common with such releases, the tech titan is not disclosing further details about the security loopholes until most users have had a chance to update their web browsers to the newest available version, mitigating the chance of the vulnerabilities being exploited by threat actors.

The Government Computer Emergency Response Team Hong Kong (GovCERT.HK) issued a security alert advising users and system administrators to update their browsers. “Users of affected systems should update the Google Chrome to version 90.0.4430.85 to address the issue,” said the agency.

Considering the disclosed vulnerabilities, users would do well to update their browsers to the latest version (90.0.4430.85) as soon as practicable. If you have automatic updates enabled, your browser should update by itself. You can also manually update your browser by visiting the About Google Chrome section, which can be found under Help in the menu bar.
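
For administrators checking more than one machine, the sketch below (an added example, not part of the original article or of any Google tooling) sorts hosts by whether their reported Chrome build is at or above 90.0.4430.85. The `host,version string` inventory format, the host names and the function names are assumptions made for illustration.

```python
import re

# Fixed build named in the article and in the GovCERT.HK alert.
FIXED = (90, 0, 4430, 85)

# Matches a four-part Chrome version anywhere in a string such as
# "Google Chrome 90.0.4430.72" (assumed format of the inventory field).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(inventory_lines):
    """Classify 'host,version string' lines as patched, outdated or unknown."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line:
            continue
        host, _, reported = line.partition(",")
        version = parse_version(reported)
        if version is None:
            result["unknown"].append(host)   # needs a manual look
        elif version >= FIXED:               # tuples compare numerically, part by part
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = [
    "ws-001,Google Chrome 90.0.4430.85",
    "ws-002,Google Chrome 90.0.4430.72",
    "ws-003,Google Chrome 89.0.4389.128",
    "ws-004,Google Chrome 90.0.4430.9",    # numerically below .85
    "ws-005,Google Chrome 100.0.4896.60",  # a plain string compare would rank this low
    "ws-006,not installed",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Comparing the versions as integer tuples rather than as strings is what keeps builds such as 90.0.4430.9 and 100.x from being misclassified.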
