In an official blog post, Google revealed that a new "zero-day" exploit (CVE-2021-30563) has been discovered in Chrome and - like the previous attack - an anonymous update follows. Unlike most security vulnerabilities, a zero-day classification means that the exploit has been made public before the company can patch it. Writing in its blog, Google confirmed that "it knows that an exploit for CVE-2021-30563 is being released".
To address this new threat, all Chrome users should go to Settings> Help> About Google Chrome. If your browser version is on Linux, MacOS and Windows is referred to as 91.0.4472.164 or higher, you are already safe. If not, check manually for updates and restart your browser as soon as the update is complete. Google has also confirmed that six other "high-level" threats have been fixed in this version of Chrome, as well as a single "mid-level" vulnerability.
CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. The fact that Google usually releases security updates for zero-day attacks within a few days is extremely positive, but in the end their effectiveness is determined by the speed with which Chrome users update their browsers their.
Attacks on Chrome have been rampant in recent months, mostly by a group called puzzlemak is. The team succeeded in chaining Chrome zero-day bugs to install malware on systems Windows. Microsoft itself issued an emergency security warning for Windows users this June.
Chrome users would be wise to keep an eye on updates and ensure that both your browser and your operating system are up to date.
But how dangerous is a zero-day?
On the first day, any bug or vulnerability in an online or offline software has not yet been fixed by the company or its developer. Thus, zero-day exploits guarantee a high probability of a successful attack for attackers. This is why zero-day exploits are very dangerous for the target person or organization.
It is believed that advanced cybercrime or hacking groups - especially some organized groups cybercrime - maintain all zero-day vulnerabilities to attack high value targets. Their list usually includes foreign government websites, financial or popular institutions, or other important targets.
For example, Mozilla Firefox had two unknown zero-day errors in June 2019 - "Type confusion in Array.pop" and "Sandbox escape using Prompt: Open". Unfortunately, a hacking team discovered these zero-day vulnerabilities and used them to attack various cryptocurrency exchanges.
The zero-day vulnerability is not resolved until users install the required patch or patch on their systems. Of course, this process takes a long time, and then there are users who can not fix a zero-day vulnerability.
What is the end result? Attackers try to find unpatched systems and target n-day vulnerabilities to gain access to vulnerable systems - especially the most critical targets such as large companies.
Source of information: forbes.com