Warning: Google Chrome users need to update the software immediately

Chrome users should install the recently released security update to prevent any possible attacks.

Google's Chrome browser has a number of security flaws that could pave the way for a variety of attacks, including a V8 bug that could allow hackers to remotely attack (RCE) based on a user's browser.

Reported by security expert Gengming Liu from Singular Security Laboratory, the V8 vulnerability (CVE-2021-21227) was assessed to be of high severity.

However, Liu told SecurityWeek that the level was somewhat mitigated because the attacker could not get out of Chrome's sandbox, meaning attackers could not access any programs or data. and any other application on victim's computer.

Therefore, the hacker will need to associate the CVE-2021-21227 vulnerability with another security vulnerability in order to successfully invade the victim's computer.

The researcher also noted that his findings were linked to previous V8 vulnerabilities, which are now patched (CVE-2020-16040 and CVE-2020-15965).

Here are all 9 security vulnerabilities in Chrome browser that have been patched by Google through the latest update.

These vulnerabilities not only affect Chrome, but also on other browsers - like Microsoft Edge - that use the Chromium kernel.

  1. - CVE-2021-21227: Incomplete data validation vulnerability exists in the V8 component.
  2. - CVE-2021-21228: Incomplete policy enforcement vulnerability exists in the extensions.
  3. - CVE-2021-21229: Incorrect-security-UI vulnerability exists in downloads.
  4. - CVE-2021-21230: The type confusion (wrong type) vulnerability exists in the V8 component.
  5. - CVE-2021-21231: Insufficient data validation vulnerability exists in V8 component.
  6. - CVE-2021-21232: A use-after-free vulnerability exists in Development Tools component. This is a type of memory-related vulnerability, causing memory to become corrupted or allowing data to be modified in memory, leaving the user completely stripped of privileges on an affected system or software. .
  7. - CVE-2021-21233: Heap overflow vulnerability exists in ANGLE component.

Google fixed the flaws in its latest release (90.0.4430.93) for Windows, Mac, and Linux, released Tuesday (April 27, US time).

Chrome users should install the recently released security update to prevent any possible attacks.

Picture 1 of Warning: Google Chrome users need to update the software immediately

To update your Google Chrome browser, click the menu icon (3 dots) in the upper right corner, then select Help> About Chrome (about Chrome). After the update is complete, click Relaunch to restart the browser.

Chrome Update 90.0.4430.93 is now available for Windows, Mac, and Linux users.

Update 29 April 2021
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile