For the sixth time this year, Google has issued an update to the Chrome browser that contains a patch for a known zero-day exploit. The vulnerability was reported by Sergei Glazunov of Google Project Zero. While few details are available about the security issue, the changelog points to a “Type Confusion in V8”, the JavaScript engine that powers Chrome and Chromium-based browsers. Google has confirmed that a zero-day exploit was spotted in the wild, which is why it is very important to update your Chrome browser as soon as possible.
A zero-day exploit is a vulnerability that has been attacked in the real world prior to, or on the same day that, the security weakness was discovered. While this particular patch is the only known zero-day, the latest version of Chrome also includes a handful of high-priority updates, as well as one issue marked “critical” that netted Alpha Lab a bug bounty of $25,000. Below you can see the list of patches rolled out in Chrome Desktop version 91.0.4472.101 for macOS, Windows, and Linux.
- [$25000][1212618] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
- [$20000][1201031] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
- [$NA][1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
- [$TBD][1210414] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
- [$TBD][1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
- [$TBD][1212498] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
- [$TBD][1212500] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
- [$NA][1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
- [$TBD][1200679] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
- [$TBD][1209769] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17
This is a prime example of why you should always keep your browser up to date. As much as developers would love to keep their software 100% secure all the time, ongoing development means new vulnerabilities, and sometimes they aren’t identified until they are out in the wild. If you are using Chrome Desktop, you should take a minute to see if you have an update available. You can do so by heading to Settings > Help > About Google Chrome and clicking the “check for updates” button. The latest version has started rolling out and most users should see it arrive over the next few days. If you are already on version 91.0.4472.101, you’re good to go. Learn more about the update here.
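For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not part of the original article or any Google tooling: it compares collected version banners against 91.0.4472.101 field by field, since plain string comparison would rank 91.0.4472.77 above 91.0.4472.101. The host names and banner strings are constructed sample data in the style printed by `google-chrome --version`, and the check assumes stable-channel desktop builds.

```python
import re

# Patched Chrome Desktop build named in the article.
PATCHED = (91, 0, 4472, 101)

# Four dot-separated numeric fields, e.g. "91.0.4472.101".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: hypothetical host name -> collected banner.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 91.0.4472.101",
    "ws-02": "Google Chrome 91.0.4472.77",
    "ws-03": "Chromium 90.0.4430.212",
    "ws-04": "sh: google-chrome: command not found",
}


def parse_version(banner):
    """Return the first four-part version in a banner as ints, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(banner, patched=PATCHED):
    """Classify one banner as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # No version found: treat as unverified rather than assume safe.
        return "unknown"
    # Tuples of ints compare field by field, so build 77 < build 101.
    # The string "91.0.4472.77" would wrongly sort above "91.0.4472.101".
    return "patched" if version >= patched else "outdated"


def audit(inventory, patched=PATCHED):
    """Group host names by status, each group sorted by host name."""
    report = {}
    for host in sorted(inventory):
        report.setdefault(classify(inventory[host], patched), []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" still need a manual check through Settings > Help > About Google Chrome.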