Google fixes actively exploited zero-day vulnerabilities in Chrome

Google Chrome users have been warned about two zero-day vulnerabilities in the browser that have been actively exploited in attacks. Google has since released security updates to fix them. This brings the total number of zero-day vulnerabilities resolved this year to ten.

The vulnerabilities, designated CVE-2021-30632 and CVE-2021-30633, are present in V8 and the Indexed DB API. V8 is the JavaScript engine that Chrome and other browsers use to run JavaScript. Indexed DB is a programming interface for storing data within the browser. The impact of both vulnerabilities has been rated "high".

This rating applies to vulnerabilities that allow an attacker to execute code within the context of the browser. It is then possible, for example, to read or modify data from other websites. Vulnerabilities that allow an escape from the Chrome sandbox also fall into this category. Such a vulnerability is not sufficient on its own to take over a system. That would require a second vulnerability, for example in the underlying operating system.

Google did not provide details about the observed attacks, such as the number of victims or when and how the attacks took place. The tech company was informed of the vulnerabilities on September 8 by an anonymous security researcher.

Users are advised to update to Google Chrome 93.0.4577.82, which is available for Linux, macOS, and Windows. This will happen automatically on most systems. Microsoft Edge Chromium, like Chrome, is based on the Chromium browser. Microsoft is expected to release an update for its own browser soon.

Below is an overview of the ten zero-day vulnerabilities in Google Chrome and when they were fixed. It was recently revealed that Google has registered a record number of zero-days this year.

  • CVE-2021-21148 - February 4
  • CVE-2021-21166 - March 2
  • CVE-2021-21193 - March 12
  • CVE-2021-21220 - April 13
  • CVE-2021-21224 - April 20
  • CVE-2021-30551 - June 9
  • CVE-2021-30554 - June 17
  • CVE-2021-30632 - September 13
  • CVE-2021-30633 - September 13
