Google Successfully Patched 10th Chrome Zero-day Vulnerability in This Year

Recently, on Monday, Google has published fixes for 11 different bugs in Chrome, which also include two zero-days that are currently being exploited in the wild. 

Google Chrome is a browser that generally connects a minimal configuration with sophisticated technology, and the main motive of this is to make the web faster, safer, and easier. 

Google released the new version of Chrome (93.0.4577.82) for all the major platforms like:- 

  • Windows
  • Mac
  • Linux

And not only that even the cybersecurity researchers have also affirmed this new version of Google Chrome will roll out over the coming days or weeks.

EHA

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done. 

As we said that there were two Zero-day vulnerabilities are fixed in the update. Two Chrome zero-day vulnerabilities and here they are mentioned below:-

CVE-2021-30632 is an out-of-bounds write in the V8 JavaScript engine, and the CVE-2021-30633 bug is a use-after-free bug in the Indexed DB API. 

Security Fixes and Rewards

As we said above that this new update has included 11 security fixes, and the security analysts have highlighted all the fixes that were provided by external researchers, so, that’s why we have mentioned them all below:-

  • CVE-2021-30625: It’s a use after free in Selection API, and it has been proclaimed by Marcin Towalski of Cisco Talos on 2021-08-06 which is marked as HIGH severity and Marcin Towalski was rewarded with $7500.
  • CVE-2021-30626: It’s an out-of-bounds memory access in ANGLE. And it has been reported by Jeonghoon Shin of Theori on 2021-08-18, it is marked as HIGH severity and Google rewarded $7500 for fixing it.
  • CVE-2021-30627: Type Breakdown in Blink layout, it has been reported by Aki Helin of OUSPG on 2021-09-01, it is marked as HIGH severity and Google rewarded $5000 for fixing it.
  • CVE-2021-30628: Stack buffer overflow in ANGLE, has been reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18 and it is marked as HIGH severity.
  • CVE-2021-30629: Use after free in Permissions. Published by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-26 and it’s marked as HIGH severity.
  • CVE-2021-30630: Inappropriate implementation in Blink, and it has been published by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30, and it’s marked as HIGH severity.
  • CVE-2021-30631: Type Confusion in Blink layout. As reported by Atte Kettunen of OUSPG on 2021-09-06, and it’s marked as HIGH severity.
  • CVE-2021-30632: Out of bounds write in V8. It has been announced by Anonymous on 2021-09-08, and it’s marked as HIGH severity.
  • CVE-2021-30633: Use after free in Indexed DB API, and it has been Published by Anonymous on 2021-09-08, and it’s marked as HIGH severity.

Moreover, the security experts concluded that now when all the vulnerability has been patched, exploitation will ramp up. 

But, they also stated that Google Chrome is one of the best resolutions for Internet browsing that provides a high level of security, speed, and great features.

Found this article interesting!! Follow us on LinkedinTwitterFacebook for daily Cyber Security News & Updates