Friday, March 29, 2024

Critical Chrome 0-Day Vulnerability Exploited in Wide – Update Your Chrome Now!!

Google recently updated its Chrome web browser on an emergency basis, since for the 8th consecutive time in a row Google fixed critical 0-day vulnerabilities this year.

Apart from this, a 0-day vulnerability generally refers to a security vulnerability that has not yet been patched. That’s why as a fix for the recently detected 0-day and 6 other security vulnerabilities, Google released Chrome desktop version 91.0.4472.164 for all the major platforms like:-

  • Windows
  • Mac
  • Linux

Ninth 0-day patched this year

The cybersecurity experts at Google tracked the 0-day vulnerability as, CVE-2021-30563, and they also claimed that an exploit for this 0-day vulnerability exists in the wild, and it’s reported by an external contributor.

This 0-day vulnerability is a “Type Confusion in V8,” and the security experts at Google marked this 0-day with a high severity tag.

Since the start of 2021 in total, Google has now fixed 9 0-day vulnerabilities in the Chrome browser, and here’s the list of all 0-day flaws fixed by Google this year is mentioned below:-

CVE-2021-21148 – Heap buffer overflow in V8 (February 4th, 2021)

CVE-2021-21166 – Object recycle issue in audio (March 2nd, 2021)

CVE-2021-21193 – Use-after-free in Blink (March 12th, 2021)

CVE-2021-21206 – Use-after-free in Blink (April 7th, 2021)

CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64 (April 13th, 2021)

CVE-2021-21224 – Type confusion in V8 (April 20th, 2021)

CVE-2021-30551 – Type confusion in V8 (June 9th, 2021)

CVE-2021-30554 – Use-after-free in WebGL (June 17th, 2021)

CVE-2021-30563 – Type confusion in V8 (July 15th, 2021)

Moreover, along with this critical 0-day vulnerability, Google also patched other 6 security flaws, and here they are mentioned below:-

  • CVE-2021-30559 (High Severity)

Out of bounds write in ANGLE, and it’s reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11.

  • CVE-2021-30541 (High Severity)

Use after free in V8, and it’s reported by Richard Wheeldon on 2021-05-31.

  • CVE-2021-30560 (High Severity)

Use after free in Blink XSLT, and it’s reported by Nick Wellnhofer on 2021-06-12.

  • CVE-2021-30561 (High Severity)

Type Confusion in V8 and it’s reported by Sergei Glazunov of Google Project Zero on 2021-06-14.

  • CVE-2021-30562 (High Severity)

Use after free in WebSerial and it’s reported by Anonymous on 2021-06-15.

  • CVE-2021-30564 (Medium Severity)

Heap buffer overflow in WebXR and it’s reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17.

However, the cybersecurity researchers at Google have not yet disclosed publicly any key details or the specific circumstances of CVE-2021-30563.

As Google has affirmed that the security fix for this 0-day flaw will become available to all users globally over the following days since Google has started rolling out this new update globally to the Stable desktop channel.

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles