Google patches two Chrome zero-days | ZDNet

By Kevin Colleran On Sep 14, 2021

Google announced fixes for 11 different bugs in Chrome on Monday, including two zero-days currently being exploited in the wild.

Google listed all 11 of the fixes as well as the researchers who discovered them and the bounties handed out. But the two that caused the most stir were CVE-2021-30632 and CVE-2021-30633.

“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” Google explained. The two vulnerabilities were the only ones that were listed as being submitted anonymously on September 8.

Google added that CVE-2021-30632 related to an “out of bounds write in V8” and CVE-2021-30633 concerned a “use after free in Indexed DB API.”

All of the updates will roll out over the coming days and weeks as part of the Stable channel update to 93.0.4577.82 for Windows, Mac and Linux, Google said.

m

Best Google Chrome extensions

If you are a Google Chrome user and you’re not making use of extensions, then you are really missing out. Here is a selection of extensions aimed specifically at boosting your productivity and privacy.
(Updated April 4, 2017)

Kevin Dunne, president at Pathlock, said this was the 10th zero-day exploit that Google had patched this year.

“This milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS,” Dunne said.

“Google’s commitment to patching these exploits quickly is commendable, as they operate Google Chrome as freeware and therefore are the sole entity who can provide these updates. We expect to see continued zero-day exploits in the wild, but we are confident Google will continue to place effort on security and providing timely patches to these exploits.”

Browser bugs discovered from exploitation in the wild are among the most significant security threats, added John Bambenek, principal threat hunter at Netenrich

“Now that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven’t made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors,” Bambenek said.

“Everyone wants to learn how to hack, too few people are working on defense.”

Stay connected with us on social media platform for instant update click here to join our T witter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.