Google fixes actively attacked zero-day vulnerability in Chrome

Google has released a new version of Chrome that fixes an actively attacked zero-day vulnerability in the browser. The vulnerability, designated CVE-2021-30563, resides in the V8 JavaScript engine that Chrome and other browsers use to execute JavaScript.

The impact of the vulnerability has been rated "high". This rating covers vulnerabilities that allow an attacker to execute code within the context of the browser, which makes it possible, for example, to read or modify data from other websites. Vulnerabilities that allow an escape from the Chrome sandbox also fall under it. The vulnerability by itself is not sufficient to take over a system; that would require a second vulnerability, for example in the underlying operating system.

Google did not provide details about the observed attacks, such as the number of victims, when the attacks occurred, or how they were carried out. The tech company was informed of the vulnerability on July 12 by an anonymous security researcher. On Wednesday, Google announced that previous zero-day vulnerabilities in Chrome had been used against targets in Armenia.

Users are advised to update to Google Chrome 91.0.4472.164, which is available for Linux, macOS, and Windows. This will happen automatically on most systems. Microsoft Edge Chromium, like Chrome, is based on the Chromium browser. Microsoft is expected to release an update for its own browser soon.

Below is an overview of the eight zero-day vulnerabilities in Google Chrome and when they were fixed. It was recently revealed that Google has registered a record number of zero-days this year.

  • CVE-2021-21148 - February 4
  • CVE-2021-21166 - March 2
  • CVE-2021-21193 - March 12
  • CVE-2021-21220 - April 13
  • CVE-2021-21224 - April 20
  • CVE-2021-30551 - June 9
  • CVE-2021-30554 - June 17
  • CVE-2021-30563 - July 15
