HomeUpdatesChrome: Google fixes two other zero-day vulnerabilities

Chrome: Google fixes two other zero-day vulnerabilities

Google released it Chrome 93.0.4577.82 for Windows, Mac, and Linux to correct eleven vulnerabilities, two of which are zero-day and have been used in attacks.

See also: Next generation technology in Chrome 94 beta for better gaming

Google Chrome zero-day

The company said in the release notes for the new version of Chrome that it knows the two vulnerabilities CVE-2021-30632 and CVE-2021-30633 have been used by cyber criminals.

The new update, which corrects zero-day vulnerabilities, is circulating worldwide at Stable desktop channel and Google says it will be available to all users in the coming days.

See also: The Chrome OS update brings us new features

You can check for the update yourself, but the Google Chrome will also automatically check for new updates the next time the browser restarts.

Google Chrome: Ten zero-day vulnerabilities have been fixed in 2021

The two new Chrome zero-day vulnerabilities that were fixed with the new update were revealed to Google on September 8, 2021 and are both memory bugs.

Vulnerability CVE-2021-30632 is one out-of-bounds write in V8 JavaScript engine and error CVE-2021-30633 is one use-after-free bug in the Indexed DB API.

These vulnerabilities lead to browser crashes, however, they can sometimes be used for execute commands remotely and for other malicious activities.

See also: Windows MSHTML zero-day: Exploits have been leaked to hacking forums

Google has revealed that both bugs have been used by criminals, but did not provide further details on the attacks.

The following is a list of Chrome zero-day bugs that Google has fixed in 2021. Along with the two new bugs, Google has fixed 10 zero-days within the year:

  • CVE-2021-21148 - 4 February 2021
  • CVE-2021-21166 - March 2, 2021
  • CVE-2021-21193 - March 12, 2021
  • CVE-2021-21220 - 13 April 2021
  • CVE-2021-21224 - 20 April 2021
  • CVE-2021-30551 - 9 June 2021
  • CVE-2021-30554 - 17 June 2021
  • CVE-2021-30563 - 15 July 2021

As the vulnerabilities have already been exploited, Users are invited to update Google Chrome to the latest version immediately.

Source: Bleeping Computer

Digital fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!