World Tech

Chrome’s zero-day patch contains 14 important security fixes

Last week, Google released a patch for its Chrome browser that addressed 14 zero-day vulnerabilities, including two that could have been exploited in the wild to read protected memory. Since the flaws were already found and exploited in the wild, the company also released details on how to patch the flaws and how to mitigate their effects.

Google has patched a critical zero-day vulnerability in Chrome that could be exploited by attackers to take control of a Windows or Mac computer. The flaw was discovered by Google researchers, and the company released a patch to close it on Tuesday.

The update, that was released in December, contains 14 important security fixes. Some of the fixes were manually verified and a few checks on the code base were also performed. The rest of the fixes are automatically generated by the Chrome Security Team through Google’s internal vulnerability scanner. They are not trying to fix every single security flaw in the browser, but they want to make sure that Google’s products are as secure as possible. There is no need to panic.

Vlad Turiceanu Editor-in-Chief With a passion for technology, Windows and anything with an on/off button, he has spent most of his time developing new skills and learning more about the world of technology. With a strong background in personal computers,… Read more

  • Google has released a security advisory for Chrome that contains a zero-day patch for Chrome’s JavaScript engine.
  • CVE-2021-30551 received a high score with a single flaw not found in the wild and exploited by malicious third parties.
  • According to Google, access to information about the bug and links may be limited until most users have received a fix.
  • The CVE-2021-30551 flaw is listed by Google as a type confusion in V8, meaning that JavaScript security can be bypassed to execute unauthorized code.

Users still remember the last Microsoft Patch Tuesday announcement, which they thought was pretty bad because it fixed six vulnerabilities. Not to mention the code buried in the remnants of Internet Explorer’s MSHTML web rendering code.

14 security patches in a single update

Google has released a security advisory for Chrome that you may find interesting. It includes a zero-day patch (CVE-2021-30551) for Chrome’s JavaScript engine, as well as 14 other officially listed security patches. For those unfamiliar with the term, zero-day is figurative, as this type of cyber attack occurs in less than a day from the time a vulnerability is discovered. As a result, developers have little or no time to address or mitigate the potential risks of this vulnerability. Like Mozilla, Google collects other potential bugs it has discovered through common bug detection methods, listed as various fixes resulting from internal audits, phasing and other initiatives. Phasers can generate hundreds, if not millions, of test inputs during test execution. However, you should only save the information in cases where the program behaves improperly or crashes. So they can be used as a starting point for human insect hunters, which also saves a lot of time and labor.

Defects exploited in nature

Google begins by mentioning the zero-day bug, stating that it] knows that an exploit for CVE-2021-30551 exists in the wild. This particular bug is listed as a type confusion in V8, where V8 is the part of Chrome that executes the JavaScript code. Type confusion means that you can provide V8 with a data element, but JavaScript treats it as something completely different, which can bypass security or even execute unauthorized code. As many of you know, JavaScript vulnerabilities that can be caused by embedded JavaScript code in a web page usually lead to RCE exploits or even remote code execution. However, Google does not specify whether the CVE-2021-30551 flaw can be used for serious remote code execution, which generally means users are vulnerable to cyber attacks. To understand the gravity of the situation, imagine that browsing a website without clicking on pop-up windows can allow malicious third parties to execute code and install malware on your computer without you realizing it. For example, CVE-2021-30551 is only given a high rating, and only a bug that does not occur in the wild (CVE-2021-30544) is given a critical rating. Perhaps the CVE-2021-30544 bug got a critical mention because it can be used for an RCE. At this point, however, there is no indication that anyone other than Google and the researchers who reported this knows how to do it. The company also says that access to information about the bug and links may be limited until most users have received a fix. What do you think of Google’s latest zero-day patch? Share your thoughts with us in the comments below. Not enough details. It’s hard to understand Other Contact an expert Take part in the discussionYesterday we started seeing reports of a zero-day vulnerability in the WPA2 security protocol in the latest version of Google’s Chrome browser. After a quick check, we found that Google had patched the bug with a security update dated June 3. With that said, that’s not good enough. While the vulnerability is now patched, the patch is only available to users with monthly security updates on Chrome, and the patch has a critical flaw in it: it only fixes 6 out of the 14 security issues that were patched.. Read more about chrome zero-day april 2021 and let us know what you think.

Related Tags:

chrome 0-day vulnerabilitycve-2021-21193chrome vulnerability 2021cve-2021-21148what is a zero-day vulnerabilitychrome zero-day 2021,People also search for,Privacy settings,How Search works,chrome 0-day vulnerability,chrome hacked 2021,cve-2021-21193,chrome zero-day april 2021,chrome vulnerability 2021,zero-day attack google chrome,cve-2021-21148,what is a zero-day vulnerability

Similar Posts

Leave a Reply

Your email address will not be published.