Google Chrome 0-day Vulnerability Exploited in the Wild , update released.
What Happened?
Over the last decade, there has been an increase in attackers using 0-day exploits.
The search engine giant released a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.
Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.
Cause of the Latest 0-day Exploit:
According to the Google Threat Analysis Group (Google TAG), the zero-days were developed by an Israeli security company selling offensive hacking tools to governments across the world. Google said it detected specific cases where the two zero-days were used against targets located in Armenia.
Tracked as CVE-2021-30563, the zero-day was described as a “type confusion” bug in V8, the Chrome browser component responsible for running and interpreting JavaScript code.
The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine. The previous seven zero-days patched this year include:
CVE-2021-21148 – Chrome 88.0.4324.150, on February 4, 2021.
CVE-2021-21166 – Chrome 89.0.4389.72, on March 2, 2021.
CVE-2021-21193 – Chrome 89.0.4389.90, on March 12, 2021.
CVE-2021-21220 – Chrome 89.0.4389.128, on April 13, 2021.
CVE-2021-21224 – Chrome 90.0.4430.85, on April 20, 2021.
CVE-2021-30551 – Chrome 91.0.4472.101, on June 9, 2021.
CVE-2021-30554 – Chrome 91.0.4472.114, on June 17, 2021.
Impact of the 0-day Vulnerability:
A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Recommendations
- Chrome users are advised to update their browser and make sure they’re running Chrome v91.0.4472.164, the version where this zero-day was patched.
- Users can head to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaw.