Google patches some serious Chrome security flaws

Google fixed the zero-days less than a week after they were first reported

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas revealed that the latest release of itsChrome web browserfixes eleven security vulnerabilities,two of which are potentially serious zero-day exploits.

Furthermore, the search giant disclosed that it was aware that two of the eleven bugs, tracked as CVE-2021-30632 and CVE-2021-30633, were being exploited in the wild.

According to theofficial release notes, both of the zero-days are memory bugs. It classifies CVE-2021-30632 as an out of bounds write in the browser’s V8JavaScriptengine, while CVE-2021-30633 is labeled as a “use after free” bug in Indexed DB API, which is a JavaScript API for managing a NoSQLdatabaseof JSON objects.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Interestingly, these two zero-days were the only vulnerabilities that were listed as being submitted anonymously on September 8.

Popular target

Even though Google has admitted that the zero-days are being exploited in the wild, it hasn’t shared any details about the attacks.

Reporting on the release,BleepingComputer sharesthat while memory bugs often lead to browser crashes, they can be exploited to perform remote code execution, sandbox escapes, and other malicious activities as well.

Reportedly, these two zero-days bring the total number of patched zero-day vulnerabilities in the Chromeweb browserin 2021 to ten.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“This milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS,” Kevin Dunne, president at cybersecurity vendor Pathlock, shared withZDNet.

John Bambenek, principal threat hunter at Netenrich went one step ahead and toldZDNetthat since the vulnerabilities have now been patched, users can expect exploitation to go up.

ViaZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Best secure file transfer solution of 2024

Best lightweight Linux distro of 2024

Apple iMac 24-inch M4 (2024) review: the best, and most colorful, all-in-one computer levels up