Google is releasing a new version of its Chrome web browser to fix four flaws, two of which are used for malicious purposes.
Did you download Google Chrome 91 at the end of September to take advantage of all the features of the new version? It is already time to do an update. The American company announced on September 30, 2021 the release of another version of its web browser, which has only one goal: to plug four computer vulnerabilities, two of which turn out to be exploited for purposes malicious.
According to the explanations provided by the Internet giant, the first of these two breaches is nested in V8, the JavaScript engine of Google Chrome. This is a release after use (“use after free”). Clearly, this is an incorrect use of dynamic memory while a program is running. This error allows the program to be hacked if the memory is not properly cleaned.
The second is information leakage in the kernel. Google specifies that the concern was spotted by a member of its TAG (Threat Analysis Group) team, dedicated to the supervision of hacker groups acting on behalf of States, and two of the Project Zero initiative, which specializes in looking for so-called 0-day critical flaws, because they are not documented or unknown.
Flaws reported at the end of September
The two flaws were reported on September 24 and 21, respectively. It therefore only took a few days for the development teams to ascertain the problem and propose adequate fixes. Another serious flaw, dated September 1, was also reported, but there was no need to rush an update sooner as it was not found to be in the wild.
Google plans to communicate in more detail on the characteristics of these breaches, once the new version of Chrome is sufficiently propagated among Internet users. The American company knows that it must be careful: its browser is today the most widespread Internet access point in the world. In fact, he is a preferred target for hackers to attempt malicious actions.
