Google releases update with security patches for Chrome zero-day bug; users advised to update soon
On Monday, Google released patches for five security threats, one of which is a high-severity fault that is now being actively exploited by hackers. The fixes are part of an update to version 96.0.4664.110 for Windows, Mac, and Linux in the Stable channel. This first Chrome zero-day of the year has the potential to cause a slew of problems, from data corruption to the execution of arbitrary code on susceptible systems.
The Chrome upgrade will be available in the coming weeks, according to Google. However, by going to the Chrome menu > Help > About Google Chrome, you can quickly apply the update. When you close and relaunch Google Chrome, the browser will automatically check for new updates and install them.
The open-source V8 JavaScript engine, which was created by the Chromium Project for the Chrome and Chromium web browsers, contains a zero-day vulnerability (CVE-2021-4102). The weakness is a use-after-free flaw, which happens when an app continues to use a pointer after the memory it refers to has been released, resulting in the program crashing and potentially allowing arbitrary code to be run. Other zero-day vulnerabilities in the web engine have previously been discovered, including CVE-2021-38003, which is an incorrect execution error, and CVE-2021-38001, which is a type-confusion error.
Attackers frequently use use-after-free bugs to run arbitrary code or bypass the browser’s security sandbox on PCs running unpatched Chrome versions. While Google stated that it had detected attacks leveraging this zero-day vulnerability, it did not provide any additional information or technical details on the flaw.
According to the security advisory, “Google is aware of claims that a CVE-2021-4102 exploit exists in the wild.” Bug specifics will not be revealed until the “majority of users have been updated with a fix,” as is customary with Chrome security advisories. An anonymous reporter alerted Google to the problem on Dec. 9.
Among the other weaknesses patched in the Chrome upgrade is a critical-severity inadequate data validation problem in Mojo (CVE-2021-4098). Mojo is a communication system, according to Chromium, that allows messages to be passed over arbitrary inter- and intra-process barriers. The other high-severity Google Chrome vulnerabilities include a use-after-free bug (CVE-2021-4099) and a heap buffer overflow flaw (CVE-2021-4101) in the SwiftShader software 3D renderer, as well as an object lifecycle issue (CVE-2021-4100) in ANGLE, an open-source, cross-platform graphics engine abstraction layer.
This newest actively exploited defect takes the total number of zero-day bugs detected in Google Chrome to 17 this year, including two high-severity bugs resolved in October and a use-after-free zero-day vulnerability in the WebGL component of Chromium patched in June (CVE-2021-30554). According to a database maintained by Google researchers, this figure exceeds the totals from previous years, including the eight zero-day security flaws in 2020.