HomesecurityGoogle Chrome V8 JavaScript engine Vulnerability: Update immediately

Google Chrome V8 JavaScript engine Vulnerability: Update immediately

Google Chrome continues to dominate the web browser market with more than two billion users worldwide. But the issue is that it is also at the center of hackers, forcing Google to issue the third urgent upgrade warning within a month. The new zero-day exploit is said to be a V8 JavaScript engine. What exactly does this mean? You will see it below!

V8 JavaScript engine
Google Chrome V8 JavaScript engine Vulnerability: Update Now!

In an official blog post, Google revealed that a new "zero-day" exploit (CVE-2021-30563) has been discovered in Chrome and - like the previous attack - an anonymous update follows. Unlike most security vulnerabilities, a zero-day classification means that the exploit has been made public before the company can patch it. Writing in its blog, Google confirmed that "it knows that an exploit for CVE-2021-30563 is being released".

See also: Google Chrome: Fixing an eighth zero-day bug in six months

Little is known about exploit other than Google categorizing it as "Type Confusion on V8" - the open source JavaScript engine at the heart of Chrome. This privacy is typical of zero-day bugs, as Google tries to minimize the spread of intrusion before Chrome users have the opportunity to upgrade and protect themselves.

To address this new threat, all Chrome users should go to Settings> Help> About Google Chrome. If your browser version is on Linux, MacOS and Windows is referred to as 91.0.4472.164 or higher, you are already safe. If not, check manually for updates and restart your browser as soon as the update is complete. Google has also confirmed that six other "high-level" threats have been fixed in this version of Chrome, as well as a single "mid-level" vulnerability.

CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. The fact that Google usually releases security updates for zero-day attacks within a few days is extremely positive, but in the end their effectiveness is determined by the speed with which Chrome users update their browsers their.

See also: Google Chrome: Acquires HTTPS-Only for secure browsing

Attacks on Chrome have been rampant in recent months, mostly by a group called puzzlemak is. The team succeeded in chaining Chrome zero-day bugs to install malware on systems Windows. Microsoft itself issued an emergency security warning for Windows users this June.

Chrome users would be wise to keep an eye on updates and ensure that both your browser and your operating system are up to date.

V8 JavaScript engine Google Chrome V8
Google Chrome V8 JavaScript engine Vulnerability: Update Now!

But how dangerous is a zero-day?

On the first day, any bug or vulnerability in an online or offline software has not yet been fixed by the company or its developer. Thus, zero-day exploits guarantee a high probability of a successful attack for attackers. This is why zero-day exploits are very dangerous for the target person or organization.

It is believed that advanced cybercrime or hacking groups - especially some organized groups cybercrime - maintain all zero-day vulnerabilities to attack high value targets. Their list usually includes foreign government websites, financial or popular institutions, or other important targets.

For example, Mozilla Firefox had two unknown zero-day errors in June 2019 - "Type confusion in Array.pop" and "Sandbox escape using Prompt: Open". Unfortunately, a hacking team discovered these zero-day vulnerabilities and used them to attack various cryptocurrency exchanges.

See also: How to use Do Not Disturb on your Chromebook

The zero-day vulnerability is not resolved until users install the required patch or patch on their systems. Of course, this process takes a long time, and then there are users who can not fix a zero-day vulnerability.

What is the end result? Attackers try to find unpatched systems and target n-day vulnerabilities to gain access to vulnerable systems - especially the most critical targets such as large companies.

Source of information:

Teo Ehc
Be the limited edition.