New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!

3 years ago 168
BOOK THIS SPACE FOR AD
ARTICLE AD

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today.

Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.

Tracked as CVE-2021-30551, the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw.

Stack Overflow Teams

Although the search giant's Chrome team issued a terse statement acknowledging "an exploit for CVE-2021-30551 exists in the wild," Shane Huntley, Director of Google's Threat Analysis Group, hinted that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its Patch Tuesday update on June 8.

The two zero-days are said to have been provided by a commercial exploit broker to a nation-state actor, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley said.

More technical details about the nature of the attacks are to be released in the coming weeks so as to allow a majority of the users to install the update and prevent other threat actors from creating exploits targeting the flaw.

Prevent Data Breaches

With the latest fix, Google has addressed a total of seven zero-days in Chrome since the start of the year —

CVE-2021-21148 - Heap buffer overflow in V8 CVE-2021-21166 - Object recycle issue in audio CVE-2021-21193 - Use-after-free in Blink CVE-2021-21206 - Use-after-free in Blink CVE-2021-21220 - Insufficient validation of untrusted input in V8 for x86_64 CVE-2021-21224 - Type confusion in V8

Chrome users can update to the latest version (91.0.4472.101) by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Read Entire Article