An advisory from Google for those who are using Chrome browser. Google discovered 14 new Chrome 0-day vulnerabilities and asked to update the browser as soon as possible.
Google has fixed the vulnerabilities and rolled out an update on 9th June. The company also said that CVE-2021-30551 vulnerability actively exploited in the wild. Here is the tweet from Shane Huntley Director of Google’s Threat Analysis Group. Shane Huntley also quoted that the CVE-2021-30551 vulnerability was targeted by the same threat actor that abused CVE-2021-33742,
Table of Contents
List Of Vulnerabilities:
Critical:
CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
High:
CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
Medium:
CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17
Google’s Recommendation For Chrome 0-Day Vulnerabilities:
Google has released fixed all these vulnerabilities and released an updated version on 9th June 2021. Please update your browser to version 91.0.4472.101 or anything above.
Procedure To Update Chrome Browser:
The update procedure is very simple. It’s just a matter of a couple of clicks.
- Locket the three dots buttons at the top right corner of the window. A dropdown will appear.
- Then select Help > About Google Chrome on the dropdown. Update will start by itself if your machine is connected to the internet.
- After the update gets completed, it asks to relaunch the browser to complete the update process.
- Click on the Relaunch button. That’s it.
Thanks for reading this post. Please share this post with everybody and make them aware of the new Chrome 0-Day Vulnerabilities.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/269979.html