Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

3 years ago 232
BOOK THIS SPACE FOR AD
ARTICLE AD

Google Chrome

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.

Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous researchers for reporting the bugs on September 8.

As is typically the case, the company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerability was exploited, or the threat actors that may be abusing them.

With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year —

CVE-2021-21148 - Heap buffer overflow in V8 CVE-2021-21166 - Object recycle issue in audio CVE-2021-21193 - Use-after-free in Blink CVE-2021-21206 - Use-after-free in Blink CVE-2021-21220 - Insufficient validation of untrusted input in V8 for x86_64 CVE-2021-21224 - Type confusion in V8 CVE-2021-30551 - Type confusion in V8 CVE-2021-30554 - Use-after-free in WebGL CVE-2021-30563 - Type Confusion in V8

Chrome users are advised to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Read Entire Article