Computer

Update Chrome: this new 0-day bug puts you in danger again

So far this year, Google has had to update its emergency Chrome browser 9 times to fix a total of 9 critical, zero-day vulnerabilities that were being exploited by hackers over the Internet. The list of bugs fixed to date is:

  • CVE-2021-21148 – Buffer overflow on V8 engine
  • CVE-2021-21166 – Failure to reuse objects in the audio.
  • CVE-2021-21193 – Memory usage after unlocking in Blink.
  • CVE-2021-21206 – Memory usage after unlocking in Blink.
  • CVE-2021-21220 – Insufficient data validation in V8 engine inputs for 64 bits.
  • CVE-2021-21224 – Data confusion in V8.
  • CVE-2021-30551 – Data confusion in V8.
  • CVE-2021-30554 – Memory usage after freeing in WebGL.

To this list, which already has 8 more elements than should appear, is added a ninth security flaw that has been being exploited by hackers in recent weeks.

Google Chrome’s ninth zero-day bug

The new vulnerability detected in Google Chrome has been registered as CVE-2021-30563. This security flaw was discovered before by hackers, who have created exploits and been exploiting it in a massive way over the Internet.

The vulnerability in question is found on the V8 WebAssembly and JavaScript engine, written in C ++, from Chrome. The flaw in question is of the “data confusion” type, allowing hackers to read and write data to memory beyond the limits of the browser. Generally, these types of failures usually block and close the program, but this time they have managed to take advantage of it to execute random code in the system memory.

For security reasons, Google has not provided much more information on this bug of security. When most users have updated, and it is safe, the company will reveal more technical details about the CVE-2021-30563 vulnerability that, for the ninth time in 6 months, has jeopardized the security of millions of users.

Update your browser as soon as possible

Google has just released a new version of Chrome, the 91.0.4472.164. The objective of this emergency update is precisely this, to correct the vulnerability CVE-2021-30563 and prevent the exploit from continuing to endanger users.

Chrome constantly checks for browser updates in the background. As soon as it detects it, it will download and install it. In addition, we can go to the section Help> Chrome Information to manually check for updates and apply it as soon as possible. After restarting the browser, we will already be protected against this vulnerability.

Related Articles