Chrome Browser Bug Under Active Attack

Google is warning that a bug in its Chrome web browser is actively underneath attack, and it is urging customers to up grade to the latest 91..4472.101 variation to mitigate the issue.

In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

“Google is informed that an exploit for CVE-2021-30551 exists in the wild,” wrote Chrome technological application manager Prudhvikumar Bommana in a Wednesday put up. That exploit is recognized as a style confusion bug in just Google’s V8 open-resource JavaScript and WebAssembly motor.
The confusion vulnerability is tied to the browser’s ActionScript Virtual Machine. “Usually, when a piece of code does not verify the variety of item that is handed to it, and makes use of it blindly with out kind-checking, it potential customers to type confusion,” in accordance to a technological description of the bug.

Probable Wider Impact of Exploited Chrome Browser Bug

The update coincides with the launch of the Android Chrome browser to Chrome 91 (91..4472.101), also on Wednesday. While the desktop and cell versions of the Chrome web browser share the exact model quantity, it is unclear if the up to date Android Chrome browser is impacted by the very same vulnerabilities.

Also unclear is if Microsoft’s Edge browser, dependent on the Chromium open up-resource browser codebase (principally developed and maintained by Google), is also impacted.

In linked information, on Tuesday, Microsoft unveiled a patch for vulnerabilities less than active attack, which includes CVE-2021-33742, impacting its Edge browser. That bug is a remote-code execution (RCE) vulnerability inside of the Edge browser’s MSHTML component.

“The MSHTML platform is utilized by Internet Explorer method in Microsoft Edge as properly as other applications by way of WebBrowser management,” Microsoft spelled out.

Critical Browser Cache Bug: CVE-2021-30544

As aspect of the June Chrome update, Google patched a critical use-soon after-no cost bug (CVE-2021-30544) within the browser’s optimization motor named BFCache. This browser element enables again-and-ahead navigation in between cached webpages in Chrome.

As customary with not too long ago disclosed bugs, Google did not release the details tied to any of the vulnerabilities patched Wednesday. “Access to bug particulars and links may possibly be retained restricted right until a the vast majority of consumers are up to date with a repair. We will also retain restrictions if the bug exists in a third-party library that other initiatives similarly rely on, but have not nonetheless mounted,” the Google advisory said.

Google credits Rong Jian and Guang Gong of 360 Alpha Lab for locating the BFCache bug in Could. For their bug hunting endeavours, the pair acquired $25,000.

Obtain our exceptional Totally free Threatpost Insider E-book, “2021: The Evolution of Ransomware,” to assistance hone your cyber-defense approaches from this rising scourge. We go outside of the standing quo to uncover what’s future for ransomware and the relevant rising risks. Get the full story and Obtain the Ebook now – on us!