Google Urgently Fixed 0Day vulnerability in Chrome
Table of Contents
On Monday, Google released emergency security updates for Chrome browser v96.0.4664.110 for Windows, macOS, and Linux, fixing a critical zero-day vulnerability (CVE-2021-4102). This is a post-memory exploit vulnerability in the V8 Javascript engine. Vulnerabilities of this kind are often exploited to run arbitrary code on target machines. Google said the vulnerability is being actively exploited by hackers in real attacks.
As noted by the tech giant, the update may take some time until it reaches all users. However, the patch is already being distributed worldwide in the stable desktop browser channel.
Attackers typically exploit these vulnerabilities to execute arbitrary code on computer systems or to exit the browser sandbox. Google found evidence of real attacks exploiting the vulnerability but did not provide additional information on the incidents.
Security Issue Fix
The Chrome Releases blog lists all the fixed security issues:
- Critical Risk CVE-2021-4098: Insufficient Data Validation in Mojo;
- High Risk CVE-2021-4099: Swiftshader After Freeing Data Exploitation Vulnerability;
- High risk CVE-2021-4100: object life cycle error in ANGLE;
- High Risk CVE-2021-4101: Heap Buffer Overflow Vulnerability in Swiftshader;
- High Risk CVE-2021-4102: Post-Memory Usage Vulnerability in Javascript Engine V8.
With this security updates, it is the sixteenth zero-day vulnerability in Chome, identified in 2021. The rest of the vulnerabilities were fixed in the following order:
- CVE-2021-21148 - February 4
- CVE-2021-21166 - March 2
- CVE-2021-21193 - March 12
- CVE-2021-21220 - April 13
- CVE-2021-21224 - April 20
- CVE-2021-30551 - June 9
- CVE-2021-30554 - June 17
- CVE-2021-30563 - July 15
- CVE-2021-30632 and CVE-2021-30633 - September 13th.
- CVE-2021-37973 - September 24
- CVE-2021-37975 and CVE-2021-37976 - September 30th.
- CVE-2021-38000 and CVE-2021-38003 - October 28