Have you patched your Chrome browser? Google just fixed a serious vulnerability in its browser, stemming from a type confusion issue in its V8 open-source engine. Tracked as CVE-2021-30551, the vulnerability was discovered by Sergei Glazunov from Google Project Zero.
Google Fixes CVE-2021-30551 and Several Other Serious Bugs in Chrome
In addition to this vulnerability, fixed in Windows, macOS, and Linux, the company addressed several other flaws: CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550. CVE-2021-30551, in particular, has been used in active exploits in the wild, so patching your Chrome browser should be a top priority.
Shane Huntley, Director of Google’s Threat Analysis Group, said that the CVE-2021-30551 vulnerability was exploited by the same threat actor that leveraged CVE-2021-33742. The latter is an actively exploited remote code execution bug in the Windows MSHTML platform, which Microsoft addressed in its Patch Tuesday update on June 8. CVE-2021-33742 is a Windows MSHTML Platform Remote Code Execution Vulnerability, which is a critical issue with a CVSS 7.5 rating.
According to security researchers, it seems that the two zero-day vulnerabilities were provided by a commercial exploit broker to a nation-state actor, which used them in limited attacks against targets in Eastern Europe and the Middle East. More technical information about the nature of the attacks is expected to be released in the upcoming weeks, giving users time to update and protect their systems.
In April, Google fixed another zero-day in its popular browser. Tracked as CVE-2021-21224, the vulnerability was already being exploited in the wild. According to security researcher Lei Cao, the vulnerability is triggered by performing an integer data type conversion. This creates an out-of-bounds condition that could yield an arbitrary memory read/write primitive.
You should check whether you are running the latest version of Google Chrome. “The Stable channel has been updated to 91.0.4472.101 for Windows, Mac and Linux which will roll out over the coming days/weeks,” Google said in its blog post.
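As an added example (not from the original article or from Google), the following Python script checks whether an installed Chrome build is at or above the fixed Stable version 91.0.4472.101 named above. It parses the output of `chrome --version` and compares the four version components as integers, because a plain string comparison gets this wrong (the string "91.0.4472.99" sorts after "91.0.4472.101"). The binary names it probes are assumptions for a Linux host; on Windows and macOS the executable is not normally on PATH, so pass the version string you obtain there into `is_patched()` directly.

```python
import re
import subprocess

# Fixed Stable channel version stated in the article.
PATCHED_VERSION = "91.0.4472.101"

# Chrome and Chromium report four dot-separated numeric components.
VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 91.0.4472.77'
    and return it as a tuple of ints so that comparison is numeric per component."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_text, patched=PATCHED_VERSION):
    """True when the reported build is at least the fixed version.
    Tuple comparison is component-wise and numeric, unlike str comparison."""
    return parse_version(version_text) >= parse_version(patched)


def installed_chrome_version():
    """Return the first '--version' output from common Chrome/Chromium binaries
    (assumed names for a Linux host), or None if none is installed."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        try:
            result = subprocess.run([exe, "--version"], capture_output=True, text=True, timeout=5)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        if result.returncode == 0 and result.stdout.strip():
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    # Constructed sample outputs so the check can be demonstrated offline.
    samples = [
        "Google Chrome 91.0.4472.77",
        "Google Chrome 91.0.4472.99",
        "Google Chrome 91.0.4472.101",
        "Chromium 92.0.4515.107",
    ]
    for sample in samples:
        status = "patched" if is_patched(sample) else "VULNERABLE, update now"
        print(f"{sample}: {status}")

    live = installed_chrome_version()
    if live is None:
        print("No Chrome/Chromium binary found on PATH")
    else:
        print(f"Installed: {live}: {'patched' if is_patched(live) else 'VULNERABLE, update now'}")
```

Running the script prints one line per constructed sample and then, if a Chrome binary is on PATH, the verdict for the live install; the 91.0.4472.99 sample is there precisely because a lexicographic comparison would have declared it safe.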
A critical issue with CVSS 7.5?