In a security alert, Google announced that it had identified at least seven critical security flaws in Chrome affecting users of operating systems such as Windows, macOS and Linux. For now, no technical details about these vulnerabilities have been released, a practice the cybersecurity community recommends in these cases to mitigate the risk of exploitation.
According to the report, these are the flaws found by Google’s security teams:
- CVE-2021-30598: Type Confusion in V8
- CVE-2021-30599: Type Confusion in V8
- CVE-2021-30600: Use after free in Printing
- CVE-2021-30601: Use after free in Extensions API
- CVE-2021-30602: Use after free in WebRTC
- CVE-2021-30603: Race in WebAudio
- CVE-2021-30604: Use after free in ANGLE
Chrome is still the most popular web browser in the world, so up to 8 billion users could be exposed to the exploitation of these flaws. The reports were attributed to several security firms and analysts, including Google Project Zero, Cisco Talos, 360 Alpha Lab and researcher Manfred Paul.
As some users will remember, V8 is the open source JavaScript engine for Chrome, essential for the proper functioning of the web browser. Moreover, WebRTC is a data transfer technology and ANGLE is the abstraction layer of Google’s open source cross-platform graphics engine.
It is worth mentioning that these components are a frequent target of threat actors, who exploit them to execute arbitrary code and take control of affected systems. Proof of this is the exploitation of the last zero-day vulnerability detected in Google, which resided in V8.
The risk of exploitation is real, although there are ways to stay alert to any attack. To get started, verify that your Chrome installation is up to date: open the browser and go to Settings – Help – About Google Chrome. If you're using a Windows, Linux or macOS system running Chrome v92.0.4515.159, your computer is completely safe from these flaws.
If you are running any other version, check whether your system has pending updates and, if necessary, update as soon as possible.
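When more than one machine has to be checked, the same comparison can be scripted. The following is an added example, not part of the original article: it assumes version strings have already been collected from each host (for instance the output of `google-chrome --version` on Linux), uses a constructed sample inventory with hypothetical host names, and assumes any build at or above 92.0.4515.159 carries the fixes.

```python
import re

# Fixed build named in the article above.
FIXED_VERSION = (92, 0, 4515, 159)

# Matches the four-part Chrome version anywhere in a string, e.g. the
# output of `google-chrome --version` ("Google Chrome 92.0.4515.131").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed build.

    Unparseable input also returns True so the host gets a manual check
    instead of being silently counted as patched.
    """
    version = parse_version(text)
    return version is None or version < fixed


def hosts_to_update(inventory):
    """Return the sorted host names whose Chrome build needs updating."""
    return sorted(host for host, text in inventory.items() if needs_update(text))


# Constructed sample inventory: host name -> reported version string.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 92.0.4515.159",
    "ws-02": "Google Chrome 92.0.4515.131",
    "ws-03": "Google Chrome 92.0.4515.99 ",  # a text compare ranks .99 above .159
    "ws-04": "Google Chrome 93.0.4577.63",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host in hosts_to_update(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome ({SAMPLE_INVENTORY[host].strip()})")
```

Comparing the versions as integer tuples matters here: compared as plain text, 92.0.4515.99 sorts after 92.0.4515.159 and an outdated host would be reported as patched.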