Warning: Google Chrome users need to update the software immediately
Chrome users should install the recently released security update to prevent any possible attacks.
Google's Chrome browser has a number of security flaws that could pave the way for a variety of attacks, including a V8 bug that could allow hackers to remotely attack (RCE) based on a user's browser.
Reported by security expert Gengming Liu from Singular Security Laboratory, the V8 vulnerability (CVE-2021-21227) was assessed to be of high severity.
However, Liu told SecurityWeek that the level was somewhat mitigated because the attacker could not get out of Chrome's sandbox, meaning attackers could not access any programs or data. and any other application on victim's computer.
Therefore, the hacker will need to associate the CVE-2021-21227 vulnerability with another security vulnerability in order to successfully invade the victim's computer.
The researcher also noted that his findings were linked to previous V8 vulnerabilities, which are now patched (CVE-2020-16040 and CVE-2020-15965).
Here are all 9 security vulnerabilities in Chrome browser that have been patched by Google through the latest update.
These vulnerabilities not only affect Chrome, but also on other browsers - like Microsoft Edge - that use the Chromium kernel.
- - CVE-2021-21227: Incomplete data validation vulnerability exists in the V8 component.
- - CVE-2021-21228: Incomplete policy enforcement vulnerability exists in the extensions.
- - CVE-2021-21229: Incorrect-security-UI vulnerability exists in downloads.
- - CVE-2021-21230: The type confusion (wrong type) vulnerability exists in the V8 component.
- - CVE-2021-21231: Insufficient data validation vulnerability exists in V8 component.
- - CVE-2021-21232: A use-after-free vulnerability exists in Development Tools component. This is a type of memory-related vulnerability, causing memory to become corrupted or allowing data to be modified in memory, leaving the user completely stripped of privileges on an affected system or software. .
- - CVE-2021-21233: Heap overflow vulnerability exists in ANGLE component.
Google fixed the flaws in its latest release (90.0.4430.93) for Windows, Mac, and Linux, released Tuesday (April 27, US time).
Chrome users should install the recently released security update to prevent any possible attacks.
To update your Google Chrome browser, click the menu icon (3 dots) in the upper right corner, then select Help> About Chrome (about Chrome). After the update is complete, click Relaunch to restart the browser.
Chrome Update 90.0.4430.93 is now available for Windows, Mac, and Linux users.
You should read it
- Google Chrome is now 23% faster, have you tried it?
- Google Chrome temporarily prevents sideload of extensions
- Google Chrome released Chrome 15 beta
- Google released Google Chrome 26
- Put Google as the homepage on Google Chrome
- Fix the Google Chrome sync feature not working
- The latest ways to fix faulty Google Chrome 2022
- Google launched Chrome 33, patched 7 new security bugs
- Top 10 best Google Chrome extensions to avoid distractions when working
- Please download Google Chrome 62 for Windows, Mac and Linux
- How to restore Google Chrome tab on your phone
- Google released Chrome 70 with many new improvements
Maybe you are interested
What are GBR files? How to Tag your friends to comment, comment on Facebook Configure Always On VPN in Windows 10 with Microsoft Intune Download Survivalist: Invasion PRO, a super zombie survival game is being free How to install Windows 10 IoT Core on Raspberry Pi 3 How to start Raspberry Pi 3 from USB