Tuesday, September 10, 2024
HomeChromeCritical Chrome 0-Day Vulnerability Exploited in Wide - Update Your Chrome Now!!

Critical Chrome 0-Day Vulnerability Exploited in Wide – Update Your Chrome Now!!

Published on

Google recently updated its Chrome web browser on an emergency basis, since for the 8th consecutive time in a row Google fixed critical 0-day vulnerabilities this year.

Apart from this, a 0-day vulnerability generally refers to a security vulnerability that has not yet been patched. That’s why as a fix for the recently detected 0-day and 6 other security vulnerabilities, Google released Chrome desktop version 91.0.4472.164 for all the major platforms like:-

  • Windows
  • Mac
  • Linux

Ninth 0-day patched this year

The cybersecurity experts at Google tracked the 0-day vulnerability as, CVE-2021-30563, and they also claimed that an exploit for this 0-day vulnerability exists in the wild, and it’s reported by an external contributor.

- Advertisement - EHA

This 0-day vulnerability is a “Type Confusion in V8,” and the security experts at Google marked this 0-day with a high severity tag.

Since the start of 2021 in total, Google has now fixed 9 0-day vulnerabilities in the Chrome browser, and here’s the list of all 0-day flaws fixed by Google this year is mentioned below:-

CVE-2021-21148 – Heap buffer overflow in V8 (February 4th, 2021)

CVE-2021-21166 – Object recycle issue in audio (March 2nd, 2021)

CVE-2021-21193 – Use-after-free in Blink (March 12th, 2021)

CVE-2021-21206 – Use-after-free in Blink (April 7th, 2021)

CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64 (April 13th, 2021)

CVE-2021-21224 – Type confusion in V8 (April 20th, 2021)

CVE-2021-30551 – Type confusion in V8 (June 9th, 2021)

CVE-2021-30554 – Use-after-free in WebGL (June 17th, 2021)

CVE-2021-30563 – Type confusion in V8 (July 15th, 2021)

Moreover, along with this critical 0-day vulnerability, Google also patched other 6 security flaws, and here they are mentioned below:-

  • CVE-2021-30559 (High Severity)

Out of bounds write in ANGLE, and it’s reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11.

  • CVE-2021-30541 (High Severity)

Use after free in V8, and it’s reported by Richard Wheeldon on 2021-05-31.

  • CVE-2021-30560 (High Severity)

Use after free in Blink XSLT, and it’s reported by Nick Wellnhofer on 2021-06-12.

  • CVE-2021-30561 (High Severity)

Type Confusion in V8 and it’s reported by Sergei Glazunov of Google Project Zero on 2021-06-14.

  • CVE-2021-30562 (High Severity)

Use after free in WebSerial and it’s reported by Anonymous on 2021-06-15.

  • CVE-2021-30564 (Medium Severity)

Heap buffer overflow in WebXR and it’s reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17.

However, the cybersecurity researchers at Google have not yet disclosed publicly any key details or the specific circumstances of CVE-2021-30563.

As Google has affirmed that the security fix for this 0-day flaw will become available to all users globally over the following days since Google has started rolling out this new update globally to the Stable desktop channel.

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a...

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three...