
Google releases updates for flaws in Chrome
Google has issued security updates addressing 11 security flaws in the Chrome web browser. It also stated that 2 of these flaws were zero-days exploited in the wild.
Tracked as CVE-2021-30632 and CVE-2021-30633, these flaws are an out-of-bounds write in the V8 JavaScript engine and a use-after-free flaw in the Indexed DB API, respectively. Google credited anonymous experts for identifying and reporting the bugs.
The internet giant also acknowledged that it is aware of exploits for CVE-2021-30632 and CVE-2021-30633 in the wild. However, it did not share additional details about how, when, and where the vulnerabilities were exploited, and it disclosed no information on the threat actors abusing them.
With these two additional flaws, Google has addressed 11 zero-day vulnerabilities in Chrome so far this year. The earlier ones are:
- CVE-2021-21148 – Heap buffer overflow in V8
- CVE-2021-21166 – Object recycle issue in audio
- CVE-2021-21193 – Use-after-free in Blink
- CVE-2021-21206 – Use-after-free in Blink
- CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64
- CVE-2021-21224 – Type confusion in V8
- CVE-2021-30551 – Type confusion in V8
- CVE-2021-30554 – Use-after-free in WebGL
- CVE-2021-30563 – Type confusion in V8
In light of these flaws, Chrome users are advised to upgrade to the latest version (93.0.4577.82) for Windows, Mac, and Linux. This can be done by heading to Settings > Help > ‘About Google Chrome’. Upgrading reduces the risk of threats and attacks associated with these flaws.