Update Google Chrome to immediately Patch 2 New Zero-Day

September 15, 2021

What Happened?

Google on Monday released security updates for the Chrome web browser to address 11 security issues, two of which claimed to have been misused in zero days in the wild.

Followed as CVE-2021-30632 and CVE-2021-30633, weaknesses related to write-to-V8 JavaScript engine and post-error free use in the Indexed DB API respectively, where the internet giant notified anonymous researchers by reporting bugs in September 8.

Cause of the Latest 0-day Exploit:

As is often the case, the company said it was “aware of the exploitation of CVE-2021-30632 and CVE-2021-30633 in the wild” without further details about how, when and where the perpetrators may have been abused.

With these two security issues, Google has faced 11 days of zero risk to Chrome since the beginning of the year –

CVE-2021-21148– Heap buffer overflow in V8
CVE-2021-21166– Object recycle issue in audio
CVE-2021-21193– Use-after-free in Blink
CVE-2021-21206– Use-after-free in Blink
CVE-2021-21220– Insufficient validation of untrusted input in V8 for x86_64
CVE-2021-21224– Type confusion in V8
CVE-2021-30551– Type confusion in V8
CVE-2021-30554– Use-after-free in WebGL
CVE-2021-30563– Type Confusion in V8

Impact of 0-day risk:

A remote attacker can create a specially designed webpage, trick the victim into visiting it, initiate a type of confusion error and create a code of resistance for the target system. Successful exploitation of this vulnerability can lead to a complete take over the system in control.

Recommendations

Chrome users are advised to update their browser and make sure they’re running Chrome Version (0.4577.82) the version where this zero-day was patched, window, Linux, max.
Users can head to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaw.
Real-time protection: Deploy the inline intrusion-prevention systems (IPS) that offer comprehensive protection
Backup you data regularly to keep avoiding the loss of the data
Deploy a web application firewall: Deploying a web application firewall will help your company react to threats in real-time.
Use VPN to make your traffic encrypted so the attack can’t easily decrypt the data even if they access the data.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Update Google Chrome to immediately Patch 2 New Zero-Day

Security Team

Related Posts

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure