Google Chrome 0-day Vulnerability Exploited in the Wild, Update Released

What Happened?

Over the last decade, there has been an increase in attackers using 0-day exploits.

The search engine giant released a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.

Google has pushed out a new security update to the Chrome browser for Windows, Mac, and Linux with multiple fixes, including one for a zero-day that it says is being exploited in the wild.

 

Cause of the Latest 0-day Exploit:

According to the Google Threat Analysis Group (Google TAG), the zero-days were developed by an Israeli security company selling offensive hacking tools to governments across the world. Google said it detected specific cases where the two zero-days were used against targets located in Armenia.

Tracked as CVE-2021-30563, the zero-day was described as a “type confusion” bug in V8, the Chrome browser component responsible for running and interpreting JavaScript code.

The latest patch resolves a total of eight issues, one of which is a type confusion issue in V8, Chrome's open-source JavaScript engine. The previous seven zero-days patched this year include:

CVE-2021-21148 – Chrome 88.0.4324.150, on February 4, 2021.

CVE-2021-21166 – Chrome 89.0.4389.72, on March 2, 2021.

CVE-2021-21193 – Chrome 89.0.4389.90, on March 12, 2021.

CVE-2021-21220 – Chrome 89.0.4389.128, on April 13, 2021.

CVE-2021-21224 – Chrome 90.0.4430.85, on April 20, 2021.

CVE-2021-30551 – Chrome 91.0.4472.101, on June 9, 2021.

CVE-2021-30554 – Chrome 91.0.4472.114, on June 17, 2021.

Impact of the 0-day Vulnerability:

A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

 

Recommendations

  • Chrome users are advised to update their browser and make sure they’re running Chrome v91.0.4472.164, the version where this zero-day was patched.
  • Users can head to Settings > Help > ‘About Google Chrome’ to check their installed version and apply the update, which mitigates the risk associated with the flaw.
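
For administrators checking more than one machine, the version check above can be scripted. The following is an added example, not code from Google or from this article's source: it maps an installed Chrome version string to the zero-days listed in this article that it is still missing. The hostnames and sample inventory are constructed, and the script assumes that any later Chrome version includes the fixes shipped in earlier ones.

```python
import re

# Fixed-in versions for the zero-days listed in this article.
# Assumption: a numerically later Chrome version carries all earlier fixes.
FIXED_IN = {
    "CVE-2021-21148": "88.0.4324.150",
    "CVE-2021-21166": "89.0.4389.72",
    "CVE-2021-21193": "89.0.4389.90",
    "CVE-2021-21220": "89.0.4389.128",
    "CVE-2021-21224": "90.0.4430.85",
    "CVE-2021-30551": "91.0.4472.101",
    "CVE-2021-30554": "91.0.4472.114",
    "CVE-2021-30563": "91.0.4472.164",
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from free text such as '--version' output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Integer tuples compare numerically, so 89.0.4389.90 < 89.0.4389.128.
    return tuple(int(p) for p in m.groups())

def unpatched_cves(version_text):
    """Return the listed CVEs whose fixed-in version is newer than the installed one."""
    installed = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if installed < parse_version(fixed))

def audit(inventory):
    """Map host -> unpatched CVEs; unparseable entries are flagged, not skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = unpatched_cves(version_text)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report

# Constructed sample inventory (hostnames and strings are made up for illustration).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 91.0.4472.164 ",
    "ws-02": "Google Chrome 91.0.4472.114",
    "ws-03": "Google Chrome 89.0.4389.90",
    "ws-04": "chrome not installed",
}
if __name__ == "__main__":
    for host, cves in audit(SAMPLE_INVENTORY).items():
        print(host, "OK" if not cves else ", ".join(cves))
```

Comparing the versions as plain strings would rank 89.0.4389.90 above 89.0.4389.128 and report the constructed host ws-03 as patched against CVE-2021-21220, which is why the script compares integer tuples.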