Saturday, January 25, 2025
HomeChromeCritical Chrome 0-Day Vulnerability Exploited in Wide - Update Your Chrome Now!!

Critical Chrome 0-Day Vulnerability Exploited in Wide – Update Your Chrome Now!!

Published on

SIEM as a Service

Follow Us on Google News

Google recently updated its Chrome web browser on an emergency basis, since for the 8th consecutive time in a row Google fixed critical 0-day vulnerabilities this year.

Apart from this, a 0-day vulnerability generally refers to a security vulnerability that has not yet been patched. That’s why as a fix for the recently detected 0-day and 6 other security vulnerabilities, Google released Chrome desktop version 91.0.4472.164 for all the major platforms like:-

  • Windows
  • Mac
  • Linux

Ninth 0-day patched this year

The cybersecurity experts at Google tracked the 0-day vulnerability as, CVE-2021-30563, and they also claimed that an exploit for this 0-day vulnerability exists in the wild, and it’s reported by an external contributor.

This 0-day vulnerability is a “Type Confusion in V8,” and the security experts at Google marked this 0-day with a high severity tag.

Since the start of 2021 in total, Google has now fixed 9 0-day vulnerabilities in the Chrome browser, and here’s the list of all 0-day flaws fixed by Google this year is mentioned below:-

CVE-2021-21148 – Heap buffer overflow in V8 (February 4th, 2021)

CVE-2021-21166 – Object recycle issue in audio (March 2nd, 2021)

CVE-2021-21193 – Use-after-free in Blink (March 12th, 2021)

CVE-2021-21206 – Use-after-free in Blink (April 7th, 2021)

CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64 (April 13th, 2021)

CVE-2021-21224 – Type confusion in V8 (April 20th, 2021)

CVE-2021-30551 – Type confusion in V8 (June 9th, 2021)

CVE-2021-30554 – Use-after-free in WebGL (June 17th, 2021)

CVE-2021-30563 – Type confusion in V8 (July 15th, 2021)

Moreover, along with this critical 0-day vulnerability, Google also patched other 6 security flaws, and here they are mentioned below:-

  • CVE-2021-30559 (High Severity)

Out of bounds write in ANGLE, and it’s reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11.

  • CVE-2021-30541 (High Severity)

Use after free in V8, and it’s reported by Richard Wheeldon on 2021-05-31.

  • CVE-2021-30560 (High Severity)

Use after free in Blink XSLT, and it’s reported by Nick Wellnhofer on 2021-06-12.

  • CVE-2021-30561 (High Severity)

Type Confusion in V8 and it’s reported by Sergei Glazunov of Google Project Zero on 2021-06-14.

  • CVE-2021-30562 (High Severity)

Use after free in WebSerial and it’s reported by Anonymous on 2021-06-15.

  • CVE-2021-30564 (Medium Severity)

Heap buffer overflow in WebXR and it’s reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17.

However, the cybersecurity researchers at Google have not yet disclosed publicly any key details or the specific circumstances of CVE-2021-30563.

As Google has affirmed that the security fix for this 0-day flaw will become available to all users globally over the following days since Google has started rolling out this new update globally to the Stable desktop channel.

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...