January 20, 2022

Google Patches Actively Exploited Zero-Day Safety Flaw In Chrome, Replace ASAP


Google Chrome Logo with Patch
If you happen to make use of Google’s Chrome browser in your desktop, bear in mind there’s an replace obtainable that patches up a handful of safety flaws, together with a zero-day vulnerability that’s being actively exploited within the wild. As such, it is a tremendously good thought to manually replace Chrome reasonably than ready for an computerized roll-out.
That exact vulnerability is being tracked as CVE-2021-4102 with a ‘Excessive’ rated risk stage. The precise particulars of the bug are “Reserved,” that means they don’t seem to be but obtainable to disseminate by most people. That is pretty frequent, as Google needs to make sure that Chrome customers are correctly patched and guarded earlier than serving up particulars that hackers may in any other case use to nefarious benefit.

“Google is conscious of stories that an exploit for CVE-2021-4102 exists within the wild,” Google said in a  safety advisory. “We’d additionally prefer to thank all safety researchers that labored with us through the improvement cycle to stop safety bugs from ever reaching the secure channel.”

There are three different Excessive-rated safety holes and one that’s Essential. Right here they’re as outlined within the safety advisory, together with their bug bounty award quantities (the place relevant)…
  • [$NA][1263457] Essential CVE-2021-4098: Inadequate knowledge validation in Mojo. Reported by Sergei Glazunov of Google Undertaking Zero on 2021-10-26

  • [$5000][1270658] Excessive CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16

  • [$5000][1272068] Excessive CVE-2021-4100: Object lifecycle situation in ANGLE. Reported by Aki Helin of Solita on 2021-11-19

  • [$TBD][1262080] Excessive CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21

  • [$TBD][1278387] Excessive CVE-2021-4102: Use after free in V8. Reported by Nameless on 2021-12-09

As to CVE-2021-4102, whereas fine-grain particulars are usually not obtainable, Google does at the very least reveal that it’s a “Use after free in V8” bug, which is Chrome’s JavaScript engine. It is primarily a flaw throughout the browser’s person of dynamic reminiscence, and usually talking these exploits can result in crashes, corrupted knowledge, and arbitrary code execution.

To preliminary a guide replace in Chrome, click on the three vertical dots within the upper-right nook and navigate to Assist > About Google Chrome. The newest model on the time of this writing is 96.0.4464.110.

Leave a Reply

Your email address will not be published. Required fields are marked *