Update Google Chrome to immediately Patch 2 New Zero-Day
What Happened?
Google on Monday released security updates for the Chrome web browser to address 11 security issues, two of which claimed to have been misused in zero days in the wild.
Followed as CVE-2021-30632 and CVE-2021-30633, weaknesses related to write-to-V8 JavaScript engine and post-error free use in the Indexed DB API respectively, where the internet giant notified anonymous researchers by reporting bugs in September 8.
Cause of the Latest 0-day Exploit:
As is often the case, the company said it was “aware of the exploitation of CVE-2021-30632 and CVE-2021-30633 in the wild” without further details about how, when and where the perpetrators may have been abused.
With these two security issues, Google has faced 11 days of zero risk to Chrome since the beginning of the year –
- CVE-2021-21148– Heap buffer overflow in V8
- CVE-2021-21166– Object recycle issue in audio
- CVE-2021-21193– Use-after-free in Blink
- CVE-2021-21206– Use-after-free in Blink
- CVE-2021-21220– Insufficient validation of untrusted input in V8 for x86_64
- CVE-2021-21224– Type confusion in V8
- CVE-2021-30551– Type confusion in V8
- CVE-2021-30554– Use-after-free in WebGL
- CVE-2021-30563– Type Confusion in V8
Impact of 0-day risk:
A remote attacker can create a specially designed webpage, trick the victim into visiting it, initiate a type of confusion error and create a code of resistance for the target system. Successful exploitation of this vulnerability can lead to a complete take over the system in control.
Recommendations
- Chrome users are advised to update their browser and make sure they’re running Chrome Version (0.4577.82) the version where this zero-day was patched, window, Linux, max.
- Users can head to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaw.
- Real-time protection: Deploy the inline intrusion-prevention systems (IPS) that offer comprehensive protection
- Backup you data regularly to keep avoiding the loss of the data
- Deploy a web application firewall: Deploying a web application firewall will help your company react to threats in real-time.
- Use VPN to make your traffic encrypted so the attack can’t easily decrypt the data even if they access the data.