For this flaw, Google didn’t reveal much information about it and just gave credit to the cybersecurity researchers for reporting it. The second one, designated with CVE-2021-37976 rated as medium severity level and described as “information leak in core”. It is used to increase speed of the browser by translating JavaScript code into ECMAScript instead of using an interpreter. Use-after-free is described as a referencing memory after it has been freed that can cause a program to crash, use unexpected values, or execute code.Ĭhrome V8 is Google’s open-source high-performance JavaScript and Web Assembly engine. The first one, a zero-day flaw designated as CVE-2021-37975 rated with high severity level for the issue “Use After Free” in the Chrome V8 JavaScript and Web Assembly engine. These vulnerabilities are assigned with CVE-2021-37975 and CVE-2021-37976 with a rating high and medium respectively. In-Depth Analysis of Two Active Zero-Day Vulnerabilities in Google Chrome: Including this, Google has patched the fourth and fifth active zero-day fixes last month alone and 14 vulnerabilities in the year 2021. Here is the article – Urgent Patch for Active Zero-Day Vulnerability in Portal API of Google Chrome These two zero-day flaws’ security update was released just 5 days after they issued a similar kind of fix for active zero-day vulnerability ( CVE-2021-37973) found in Google’s Portal feature of Chrome Browser. The emergency security update was issued to desktops running operating systems Windows, Mac and Linux. However, if you don’t, you can do so manually, by navigating to the About Google Chrome section which you’ll find in the menu bar under Help.Google has released an urgent security patch for its Chrome Browser to fix a new pair of Active Zero-Day Vulnerabilities exploited by the attackers in the wild. If you have automatic updates enabled, then the browser should be able to update to the newest version by itself. Needless to say, you would do well to update your browsers to the latest version (.101) as soon as possible. This is common practice with such releases as the company aims to give as many users as possible a chance to update their Chrome browser to the newest available version and so lower the chance of the loopholes being exploited by cybercriminals. Google hasn’t disclosed any additional details about the vulnerabilities. Six bugs were listed as high-severity, two are classified as medium in severity and one achieved the highest rating of critical. The Chrome update fixes 14 security loopholes in total, with the tech giant specifically listing nine other bugs beyond the disclosed zero-day where the fixes were contributed by external researchers. This vulnerability was discovered by Clément Lecigne, also of Google’s TAG, and was plugged as part of Microsoft’s Patch Tuesday cycle earlier this week. Tracked as CVE-2021-33742, the latter is a remote code execution vulnerability in the Windows MSHTML platform and it impacts all supported versions of the Microsoft Windows operating system. While details about the security loophole remain sparse, Shane Huntley, Director of Google Security’s Threat Analysis Group (TAG), tweeted that the threat actor that has been exploiting this vulnerability has also been targeting another zero-day. The vulnerability, classified as high in severity, was disclosed by Sergei Glazunov, a member of Google’s Project Zero bug-hunting squad. “Google is aware that an exploit for CVE-2021-30551 exists in the wild,” reads Google’s security update describing the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used in Chrome and other Chromium-based web browsers. The bugs affect the Windows, macOS, and Linux versions of the browser. Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |