Google fixes 2 actively exploited zero-days

Google recently released an emergency update for the Chrome browser. The reason is two actively exploited zero-day vulnerabilities. The internet giant’s Threat Analysis Group (TAG) discovered and reported the flaws on September 15, 2021, and October 26, 2021, respectively. Cybersecurity specialists say both are being actively exploited in the wild. Identified as CVE-2021-38000 and CVE-2021-38003, the flaws relate to an inappropriate implementation in the V8 JavaScript and WebAssembly engine and to insufficient validation of untrusted input in a feature called Intents.

Google Chrome 2021 zero-days

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” the company noted.

But it didn’t share technical specifics about exactly how the two vulnerabilities were exploited. This stable channel update also fixed a use-after-free vulnerability in the Web Transport component, CVE-2021-38002. The issue this patch addresses was first pointed out at the Tianfu Cup contest held earlier this month in China. In total, that makes 16 zero-days in the web browser since the start of this year.

  • CVE-2021-37976 – Information leak in core;
  • CVE-2021-37975 – Use-after-free in V8;
  • CVE-2021-37973 – Use-after-free in Portals;
  • CVE-2021-30633 – Use-after-free in Indexed DB API;
  • CVE-2021-30632 – Out of bounds write in V8;
  • CVE-2021-30563 – Type confusion in V8;
  • CVE-2021-30554 – Use-after-free in WebGL;
  • CVE-2021-30551 – Type confusion in V8;
  • CVE-2021-21224 – Type confusion in V8;
  • CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64;
  • CVE-2021-21206 – Use-after-free in Blink;
  • CVE-2021-21193 – Use-after-free in Blink;
  • CVE-2021-21166 – Object recycle issue in audio;
  • CVE-2021-21148 – Heap buffer overflow in V8.

To mitigate all possible risks, update your Chrome browser to the latest version (95.0.4638.69) for Windows, Linux and Mac. Head to Settings > Help > “About Google Chrome”.
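
For anyone checking more than one machine against the fixed build, the following is an added example (not from the original article or from Google) that compares reported Chrome versions with 95.0.4638.69. The host names and the tab-separated inventory format are assumptions, and the sample lines are constructed.

```python
import re

# Fixed build named in the article for Windows, Linux and Mac.
PATCHED = (95, 0, 4638, 69)

# Matches a four-part Chrome version such as "Google Chrome 95.0.4638.54".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory):
    """Classify each 'host<TAB>version string' line (assumed format).

    Returns a dict: host -> 'patched' | 'vulnerable' | 'unknown'.
    """
    result = {}
    for line in inventory.strip().splitlines():
        host, _, raw = line.partition("\t")
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"      # no version reported: follow up by hand
        elif version >= PATCHED:          # numeric, component-by-component compare
            result[host] = "patched"
        else:
            result[host] = "vulnerable"
    return result


# Constructed sample inventory with hypothetical hosts, not real data.
SAMPLE = (
    "ws-001\tGoogle Chrome 95.0.4638.69\n"
    "ws-002\tGoogle Chrome 95.0.4638.54\n"
    "ws-003\tGoogle Chrome 94.0.4606.81\n"
    "ws-004\tGoogle Chrome 95.0.4638.100\n"  # a plain string compare ranks this below .69
    "ws-005\tchrome: command not found\n"
)

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Comparing the version as integers matters because a text comparison would sort a build ending in .100 before one ending in .69.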

    Google Chrome history and statistics

    The Google Chrome web browser was released in 2008. In the beginning, only Microsoft Windows users could use it, but macOS, Linux, and various mobile platforms quickly gained support for the browser. In the middle of 2012 Chrome became the most popular browser worldwide. According to Statista, Chrome is currently the main browser of more than 2.65 billion internet users, compared with 1.29 billion in 2014.

    Google Chrome has a global browser market share of 63.58% across all devices, a small decrease from the 64.6% share registered in 2019. For comparison, the nearest competitor – Safari – has a market share of 19.37%. Among mobile users, Chrome has a slightly lower market share of 62.48%. Chrome’s share of the mobile browser market has nonetheless been climbing steadily since it was introduced there.

    Andrew Nail

    Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people to deal with malware they have on their PCs.
