Google patches some serious Chrome security flaws

Google has revealed that the latest release of its Chrome web browser fixes eleven security vulnerabilities,two of which are potentially serious zero-day exploits.

Furthermore, the search giant disclosed that it was aware that two of the eleven bugs, tracked as CVE-2021-30632 and CVE-2021-30633, were being exploited in the wild.

According to the official release notes, both of the zero-days are memory bugs. It classifies CVE-2021-30632 as an out of bounds write in the browser’s V8 JavaScript engine, while CVE-2021-30633 is labeled as a “use after free” bug in Indexed DB API, which is a JavaScript API for managing a NoSQL database of JSON objects.

• Here’s our list of the best web browsers
• We've put together a list of the best endpoint protection software
• These are the best malware removal software on the market

Interestingly, these two zero-days were the only vulnerabilities that were listed as being submitted anonymously on September 8.

Popular target

Even though Google has admitted that the zero-days are being exploited in the wild, it hasn’t shared any details about the attacks.

Reporting on the release, BleepingComputer shares that while memory bugs often lead to browser crashes, they can be exploited to perform remote code execution, sandbox escapes, and other malicious activities as well.

Reportedly, these two zero-days bring the total number of patched zero-day vulnerabilities in the Chrome web browser in 2021 to ten.

"This milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS," Kevin Dunne, president at cybersecurity vendor Pathlock, shared with ZDNet.

John Bambenek, principal threat hunter at Netenrich went one step ahead and told ZDNet that since the vulnerabilities have now been patched, users can expect exploitation to go up. 

• Protect your devices with these best antivirus software

Via ZDNet