Update Chrome Now, new Zero-Day Exploit hits Google’s browser – Chrome Unboxed

For the 6th time this year, Google has released an update to the Chrome web browser that contains a patch for a known zero-day exploit. The vulnerability was reported by Sergei Glazunov of Google Project Zero. While little information is available about the security issue, the changelog indicates a “Type Confusion in V8”, the JavaScript engine that powers Chrome and Chromium-based browsers. Google has confirmed that a zero-day exploit was spotted in the wild, which is why it is extremely important to update your Chrome browser as quickly as possible.

A zero-day exploit is a vulnerability that has been attacked in the real world before or on the same day that the security weakness was found. While this specific patch is the only known zero-day, there were a handful of high-priority updates in the latest version of Chrome, in addition to one issue marked “critical” that netted Alpha Lab a bug bounty of $25,000. Below you can see the list of patches included in Chrome Desktop version 91.0.4472.101 for macOS, Windows, and Linux.

  • [$25000] [https://crbug.com/1212618] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
  • [$20000] [https://crbug.com/1201031] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
  • [$NA] [https://crbug.com/1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
  • [$TBD] [https://crbug.com/1210414] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
  • [$TBD] [https://crbug.com/1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
  • [$TBD] [https://crbug.com/1212498] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
  • [$TBD] [https://crbug.com/1212500] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
  • [$NA] [https://crbug.com/1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
  • [$TBD] [https://crbug.com/1200679] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
  • [$TBD] [https://crbug.com/1209769] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17

This is a prime example of why you should always keep your browser up to date. As much as developers would like to keep their software 100% secure all the time, continuous development means new vulnerabilities, and often they aren’t identified until they are out in the wild. If you are using Chrome Desktop, you should take a minute to see if you have an update available. You can do so by heading to Settings > Help > About Google Chrome and clicking the check for updates button. The latest version has started rolling out and most users should see it arrive over the next few days. If you are already on version 91.0.4472.101, you’re good to go. Find out more about the update here.
