Thursday, June 20, 2024

Critical Chrome 0-Day Vulnerability Exploited in Wide – Update Your Chrome Now!!

Google recently updated its Chrome web browser on an emergency basis, since for the 8th consecutive time in a row Google fixed critical 0-day vulnerabilities this year.

Apart from this, a 0-day vulnerability generally refers to a security vulnerability that has not yet been patched. That’s why as a fix for the recently detected 0-day and 6 other security vulnerabilities, Google released Chrome desktop version 91.0.4472.164 for all the major platforms like:-

  • Windows
  • Mac
  • Linux

Ninth 0-day patched this year

The cybersecurity experts at Google tracked the 0-day vulnerability as, CVE-2021-30563, and they also claimed that an exploit for this 0-day vulnerability exists in the wild, and it’s reported by an external contributor.

This 0-day vulnerability is a “Type Confusion in V8,” and the security experts at Google marked this 0-day with a high severity tag.

Since the start of 2021 in total, Google has now fixed 9 0-day vulnerabilities in the Chrome browser, and here’s the list of all 0-day flaws fixed by Google this year is mentioned below:-

CVE-2021-21148 – Heap buffer overflow in V8 (February 4th, 2021)

CVE-2021-21166 – Object recycle issue in audio (March 2nd, 2021)

CVE-2021-21193 – Use-after-free in Blink (March 12th, 2021)

CVE-2021-21206 – Use-after-free in Blink (April 7th, 2021)

CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64 (April 13th, 2021)

CVE-2021-21224 – Type confusion in V8 (April 20th, 2021)

CVE-2021-30551 – Type confusion in V8 (June 9th, 2021)

CVE-2021-30554 – Use-after-free in WebGL (June 17th, 2021)

CVE-2021-30563 – Type confusion in V8 (July 15th, 2021)

Moreover, along with this critical 0-day vulnerability, Google also patched other 6 security flaws, and here they are mentioned below:-

  • CVE-2021-30559 (High Severity)

Out of bounds write in ANGLE, and it’s reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11.

  • CVE-2021-30541 (High Severity)

Use after free in V8, and it’s reported by Richard Wheeldon on 2021-05-31.

  • CVE-2021-30560 (High Severity)

Use after free in Blink XSLT, and it’s reported by Nick Wellnhofer on 2021-06-12.

  • CVE-2021-30561 (High Severity)

Type Confusion in V8 and it’s reported by Sergei Glazunov of Google Project Zero on 2021-06-14.

  • CVE-2021-30562 (High Severity)

Use after free in WebSerial and it’s reported by Anonymous on 2021-06-15.

  • CVE-2021-30564 (Medium Severity)

Heap buffer overflow in WebXR and it’s reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17.

However, the cybersecurity researchers at Google have not yet disclosed publicly any key details or the specific circumstances of CVE-2021-30563.

As Google has affirmed that the security fix for this 0-day flaw will become available to all users globally over the following days since Google has started rolling out this new update globally to the Stable desktop channel.

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

1inch, a leading DeFi aggregator that provides advanced security solutions to users across the...

Hackers Exploit Progressive Web Apps to Steal Passwords

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs)...

INE Security: Optimizing Teams for AI and Cybersecurity

2024 is rapidly shaping up to be a defining year in generative AI. While...

Threat Actor Claims Breach of Jollibee Fast-Food Gaint

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation,...

Threat Actors Claiming Breach of Accenture Employee Data

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of...

Diamorphine Rootkit Exploiting Linux Systems In The Wild

Threat actors exploit Linux systems because they are prevalent in organizations that host servers,...

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles