Google Patches Actively Exploited Zero-Day Security Flaw In Chrome, Update ASAP


Google Chrome Logo with Patch
In case you make use of Google’s Chrome browser in your desktop, remember there’s an replace obtainable that patches up a handful of safety flaws, together with a zero-day vulnerability that’s being actively exploited within the wild. As such, it is a tremendously good thought to manually replace Chrome fairly than ready for an computerized roll-out.
That individual vulnerability is being tracked as CVE-2021-4102 with a ‘Excessive’ rated menace degree. The precise particulars of the bug are “Reserved,” which means they aren’t but obtainable to disseminate by most people. That is pretty frequent, as Google needs to make sure that Chrome customers are correctly patched and guarded earlier than serving up particulars that hackers might in any other case use to nefarious benefit.

“Google is conscious of studies that an exploit for CVE-2021-4102 exists within the wild,” Google acknowledged in a  safety advisory. “We might additionally prefer to thank all safety researchers that labored with us through the growth cycle to stop safety bugs from ever reaching the steady channel.”

There are three different Excessive-rated safety holes and one that’s Vital. Right here they’re as outlined within the safety advisory, together with their bug bounty award quantities (the place relevant)…
  • [$NA][1263457] Vital CVE-2021-4098: Inadequate information validation in Mojo. Reported by Sergei Glazunov of Google Undertaking Zero on 2021-10-26

  • [$5000][1270658] Excessive CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16

  • [$5000][1272068] Excessive CVE-2021-4100: Object lifecycle situation in ANGLE. Reported by Aki Helin of Solita on 2021-11-19

  • [$TBD][1262080] Excessive CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21

  • [$TBD][1278387] Excessive CVE-2021-4102: Use after free in V8. Reported by Nameless on 2021-12-09

As to CVE-2021-4102, whereas fine-grain particulars aren’t obtainable, Google does not less than disclose that it’s a “Use after free in V8” bug, which is Chrome’s JavaScript engine. It is basically a flaw throughout the browser’s consumer of dynamic reminiscence, and usually talking these exploits can result in crashes, corrupted information, and arbitrary code execution.

To preliminary a handbook replace in Chrome, click on the three vertical dots within the upper-right nook and navigate to Assist > About Google Chrome. The newest model on the time of this writing is 96.0.4464.110.

Be the first to comment

Leave a Reply

Your email address will not be published.


*