Select Page

Google patches two Chrome zero-days

|

Google patches two Chrome zero-days

Google announced fixes for 11 different bugs in Chrome on Monday, including two zero-days currently being exploited in the wild. 

Google listed all 11 of the fixes as well as the researchers who discovered them and the bounties handed out. But the two that caused the most stir were CVE-2021-30632 and CVE-2021-30633. 

“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” Google explained. The two vulnerabilities were the only ones that were listed as being submitted anonymously on September 8.

Google added that CVE-2021-30632 related to an “out of bounds write in V8” and CVE-2021-30633 concerned a “use after free in Indexed DB API.”

All of the updates will roll out over the coming days and weeks as part of the Stable channel update to 93.0.4577.82 for Windows, Mac and Linux, Google said.

Kevin Dunne, president at Pathlock, said this was the 10th zero-day exploit that Google had patched this year. 

“This milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS,” Dunne said. 

“Google’s commitment to patching these exploits quickly is commendable, as they operate Google Chrome as freeware and therefore are the sole entity who can provide these updates. We expect to see continued zero-day exploits in the wild, but we are confident Google will continue to place effort on security and providing timely patches to these exploits.”

Browser bugs discovered from exploitation in the wild are among the most significant security threats, added John Bambenek, principal threat hunter at Netenrich

“Now that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven’t made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors,” Bambenek said. 

“Everyone wants to learn how to hack, too few people are working on defense.”

Source: https://www.zdnet.com/article/google-patches-two-chrome-zero-days/#ftag=RSSbaffb68

Rate:

Related Posts

Hydra malware targets customers of Germany’s second largest bank

Hydra malware targets customers of Germany’s second largest bank

October 1, 2021

Ransomware gangs are taking aim at ‘soft target’ industrial control systems

Ransomware gangs are taking aim at ‘soft target’ industrial control systems

July 2, 2021

It’s a truly cruel scam. Here’s the dramatic way Google is trying to stop it

It’s a truly cruel scam. Here’s the dramatic way Google is trying to stop it

December 3, 2021

Remote print server gives anyone Windows admin privileges on a PC

Remote print server gives anyone Windows admin privileges on a PC

July 31, 2021