Serious zero-day vulnerabilities continue to appear on Google Chrome

Serious zero-day vulnerabilities continue to appear on Google Chrome

 376 total views


2021-07-17 22:13:30

Google has just released an urgent update for Chrome to patch recently discovered vulnerabilities. Among them, there is a serious zer-day vulnerability that is being actively exploited by hackers.

The critical vulnerability, dated CVE-2021-30563, stems from an issue in V8, Chrome’s Javascript engine. According to Google, it was discovered by an anonymous security expert on July 12, 2021.

“Google is aware of reports that vulnerability CVE-2021-30563 is being actively exploited,” Google stated. Therefore, Google recommends that users immediately update Google Chrome to the latest version 91.0.4472.164 for Windows, Mac and Linux computers.

The security expert bonus and other details of the vulnerability were not shared by Google.

In addition to CVE-2021-30563, Chrome update 91.0.4472.164 also fixes 6 other vulnerabilities. Specific information is as follows:

  • Bonus $7,500, code CVE-2021-30559, severity, reported by Seong-Hwan Park of SecunologyLab on June 11, 2021
  • Bonus $5,000, code CVE-2021-30542, severity, reported by Richard Wheeldon on May 32, 2021
  • Undisclosed bounty, code CVE-2021-30560, severity, reported by Nick Wellnhofer on 12/6/2021
  • Unknown bounty, code CVE-2021-30561, severity, reported by Sergei Glazunov of Google Project Zero on June 14, 2021
  • Unknown bounty, code CVE-2021-30562, severity, reported by anonymous expert on 16/5/2021
  • Unknown Bonus, code CVE-2021-30564, Medium, reported by Ali Merchant on June 17, 2021

Thus, up to now, Google has had to patch up to 8 zero-day vulnerabilities on Google Chrome. Almost at the time Google released the patch, all 8 of these vulnerabilities were being actively exploited by criminals.

.

#zeroday #vulnerabilities #continue #Google #Chrome

Leave a Reply

Your email address will not be published. Required fields are marked *