Google is a perfect example of how with power comes responsibility. With over two billion users globally, Google Chrome is the most popular browser on almost every platform, mainly Windows and Android, and it is available on nearly all Android devices. Many others, including Vivaldi, Opera, Microsoft Edge, and Brave Browser, use the same Chromium browser engine as Google.
That popularity also attracts hackers' attention, prompting Google to issue its third urgent update warning in a month. Cyberattacks on Chrome have recently become increasingly frequent, most prominently from a hacking group known as PuzzleMaker. The group has succeeded in combining Chrome zero-day vulnerabilities to exploit vulnerabilities on Windows systems. In June, Microsoft even sent an emergency warning message to Windows owners.
Google has released a patch for its Chrome web browser that addresses several vulnerabilities, along with a zero-day flaw that was actively exploited in the wild. The security flaws directly affect the browser's versions for Windows, macOS, and Linux.
Google's third exploit in a row
Google announced in an official blog post that a new zero-day exploit (CVE-2021-30563) has been identified in Chrome and that it, like the initial attack, was discovered after an anonymous tip-off. Unlike most security issues, a zero-day vulnerability is one where the exploit was publicly released before the organisation could address the vulnerability. Google released the latest stable build of the cross-platform Chrome web browser, noting that it includes eight security fixes, one of which it was aware was being exploited in the wild. Google acknowledged on its blog that it is “aware of claims that a CVE-2021-30563 attack exists in the wild.”
Reason for this recent vulnerability
For good reason, Google did not disclose much background on the security vulnerability or how it is being exploited in the wild, describing it only as a class confusion bug in V8, Google's open-source WebAssembly and JavaScript engine.
“Access to bug details and links may be restricted until a majority of users have been updated with a fix,” Google reported as it encouraged users to update to the most current release. As Google strives to limit the spread of the exploit before Chrome users have a chance to upgrade and protect themselves, such concealment is typical for zero-day issues.
V8 runs inside the browser but may also be integrated into standalone projects. It is used in several platforms, including Chrome, other Chromium-based browsers such as Brave, Opera, Vivaldi, and Microsoft Edge, and the Couchbase database server.
Members of Google’s Threat Analysis Group (TAG) found that a few of the zero-day vulnerabilities in popular web browsers were built by a commercial surveillance firm, which then sold them to various government-backed entities.
What you should do ASAP…
Going forward, Chrome users should keep an eye out for upgrades and make sure their browser and operating system are current. The new Chrome update has started rolling out in the Stable channel and will be available to all users in the coming days. Given the revealed vulnerabilities, both users and developers would be wise to update their browsers to the most recent version (91.0.4472.164) as soon as possible. If you have enabled automatic updates, your browser should update to the most recent available version automatically. Otherwise, you can manually update your Chrome (or Chromium-based) browser by going to the About Google Chrome section, which is located under Help in the menu bar. Other browsers are not vulnerable to these vulnerabilities.