  • Google fixes sixth Chrome zero-day exploited in the wild this year

    Karlston


    Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.

     

    Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

     

    Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.

    Google updated to version 91.0.4472.10

    Six Chrome zero-days exploited in the wild in 2021

    Few details regarding today's fixed zero-day vulnerability are currently available other than that it is a type confusion bug in V8, Google's open-source C++ WebAssembly and JavaScript engine.

     

    The vulnerability was discovered by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.

     

    Google states that they are "aware that an exploit for CVE-2021-30551 exists in the wild."

     

    Shane Huntley, Director of Google's Threat Analysis Group, says that this zero-day was utilized by the same threat actors using the Windows CVE-2021-33742 zero-day fixed yesterday by Microsoft.

     

    Today's update fixes Google Chrome's sixth zero-day exploited in attacks this year, with the other five listed below:

     

    • CVE-2021-21148 - February 4th, 2021
    • CVE-2021-21166 - March 2nd, 2021
    • CVE-2021-21193 - March 12th, 2021
    • CVE-2021-21220 - April 13th, 2021
    • CVE-2021-21224 - April 20th, 2021 

     

    In addition to these vulnerabilities, news broke yesterday of a threat actor group known as Puzzlemaker that is chaining together Google Chrome zero-day bugs to escape the browser's sandbox and install malware in Windows.

     

    "Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server," the researchers said.

     

    Microsoft fixed the Windows vulnerabilities yesterday as part of the June 2021 Patch Tuesday, but Kaspersky could not determine what Google Chrome vulnerabilities were used in the Puzzlemaker attacks.

     

    Kaspersky believes the attackers may have been using the Google Chrome CVE-2021-21224 vulnerability but has not ruled out the use of further undisclosed Chrome zero-day vulnerabilities.

     

     
