Google just released an extensive Chrome update fixing seven vulnerabilities, one of which is a zero-day.
The zero-day is tracked as CVE-2021-21224, and exploits for it exist in the wild. You should check whether you are running the latest version of Google Chrome.
“The Stable channel has been updated to 90.0.4430.85 for Windows, Mac and Linux which will roll out over the coming days/weeks,” the company said in a blog post.
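The practical check here is whether the installed build is at or above the fixed Stable release quoted above. The following script is an added example (not Google's code and not part of the original post): it parses the version string a Chrome or Chromium binary prints for `--version`, compares it component by component against 90.0.4430.85, and, when run directly, also tries the locally installed browser. The binary names it probes and the sample version strings are assumptions constructed for the example.

```python
"""Check whether a Chrome/Chromium build is at or above the fixed Stable
release 90.0.4430.85 named in Google's release note."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fixed Stable version from the release note quoted in the article.
FIXED_VERSION = "90.0.4430.85"

# Matches a dotted version with two to four numeric components.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted version such as '90.0.4430.85' from text like
    'Google Chrome 90.0.4430.85' and return it as a tuple of ints.
    Returns None when no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to four components so '90.0.4430' compares sanely with '90.0.4430.85'.
    return parts + (0,) * (4 - len(parts))


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the parsed version is >= the fixed release, False if it is
    older, None if no version could be parsed from the text."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v >= parse_version(fixed)


def installed_chrome_version() -> Optional[str]:
    """Best-effort: ask a locally installed Chrome/Chromium binary for its
    version string. The binary names are assumptions for common Linux
    installs; returns None when nothing usable is found on PATH."""
    for name in ("google-chrome", "google-chrome-stable",
                 "chromium", "chromium-browser"):
        path = shutil.which(name)
        if not path:
            continue
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10)
        except (OSError, subprocess.SubprocessError):
            return None
        return out.stdout.strip() or None
    return None


if __name__ == "__main__":
    # Constructed sample strings in the format '--version' prints.
    for sample in ("Google Chrome 89.0.4389.128",
                   "Chromium 90.0.4430.85",
                   "Google Chrome 90.0.4430.93"):
        print(f"{sample!r}: patched={is_patched(sample)}")
    live = installed_chrome_version()
    if live:
        print(f"installed {live!r}: patched={is_patched(live)}")
    else:
        print("no Chrome/Chromium binary found on PATH")
```

The comparison is only meaningful against Chrome's own version numbering; other Chromium-based browsers ship under their vendors' version schemes, so check them against the fixed build their vendor publishes rather than against 90.0.4430.85.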
More about CVE-2021-21224 Zero-Day
According to security researcher Lei Cao, the vulnerability is triggered by an integer data type conversion. This creates an out-of-bounds condition that could yield an arbitrary memory read/write primitive.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the company added. Proof-of-concept code for the vulnerability was released in mid-April by a researcher known as frust, following a fix in the V8 source code. That patch had not been added to the Chromium codebase, leaving Chromium-based browsers (Chrome, Edge, Vivaldi, Opera, and Brave) vulnerable.
These updates come shortly after Google released patches for two other vulnerabilities, CVE-2021-21206 and CVE-2021-21220. The second vulnerability was demonstrated during Pwn2Own 2021 earlier this month by Dataflow Security’s researchers Bruno Keith and Niklas Baumstark. The two researchers won $100,000 from the hacking contest for successfully exploiting the vulnerability to run malicious code within Chrome and Edge browsers.