Singapore markets closed
  • Straits Times Index

    3,173.91
    +9.05 (+0.29%)
     
  • Nikkei

    29,068.63
    +517.70 (+1.81%)
     
  • Hang Seng

    25,330.96
    +368.37 (+1.48%)
     
  • FTSE 100

    7,234.03
    +26.32 (+0.37%)
     
  • BTC-USD

    61,019.93
    -1,271.73 (-2.04%)
     
  • CMC Crypto 200

    1,464.06
    +57.32 (+4.07%)
     
  • S&P 500

    4,471.37
    +33.11 (+0.75%)
     
  • Dow

    35,294.76
    +382.20 (+1.09%)
     
  • Nasdaq

    14,897.34
    +73.91 (+0.50%)
     
  • Gold

    1,768.10
    -29.80 (-1.66%)
     
  • Crude Oil

    82.66
    +1.35 (+1.66%)
     
  • 10-Yr Bond

    1.5760
    +0.0570 (+3.75%)
     
  • FTSE Bursa Malaysia

    1,598.28
    +5.76 (+0.36%)
     
  • Jakarta Composite Index

    6,633.34
    +7.22 (+0.11%)
     
  • PSE Index

    7,213.46
    +30.35 (+0.42%)
     

New Google Chrome vulnerability puts 2.65 billion users at risk

·2-min read


New Google Chrome vulnerability puts 2.65 billion users at risk
New Google Chrome vulnerability puts 2.65 billion users at risk

26 Sep 2021: New Google Chrome vulnerability puts 2.65 billion users at risk

Google has recently revealed it found this year's 11th zero-day exploit for the Chrome browser. The issue is said to affect Windows, Linux, and macOS users and Google confirmed that it is aware of bad actors possibly exploiting this vulnerability in the wild. Google has not said much, but a fix has already been released and is in the delivery pipeline for all users.

What’s zero-day: Hackers could have exploited vulnerability before Google developed a fix

In a new blog post, Google revealed that the newly-discovered vulnerability bears unique identifier code CVE-2021-37973, which is Chrome's eleventh zero-day exploit discovered this year. Zero-day classification means that hackers could have exploited this vulnerability before Google released a fix, making it far more dangerous than other vulnerabilities. If your Chrome version is 94.0.4606.61 or newer, you are protected from this vulnerability.

All hush-hush: Discovery of vulnerability credited to Google TAG employee

To protect its 2.65 billion users and buy them time to upgrade to the latest version including the fix, Google is not disclosing much about the zero-day vulnerability. The company revealed it has a "High" threat ranking and that it was reported on September 21 by Google TAG employee Clément Lecigne with assistance from Google Project Zero's Sergei Glazunov and Mark Brand.

Details: Ten high-rated Chrome UAF vulnerabilities were discovered in September

Forbes reported that this is a Use-After-Free (UAF) vulnerability, a memory exploit characterized by when a program (in this case, Chrome) fails to clear the pointer to the memory after it is freed. In simpler terms, the vulnerability exploits the shoddy job Chrome does when it unloads itself from the computer's RAM. Ten such High-rated Chrome UAF vulnerabilities were discovered in September alone.

Plugging loopholes: Update for all Chrome users has already been issued

Google has said that it has already issued an update for all Chrome users. On Chrome, navigate to Settings > Help > About Google Chrome and immediately install any pending updates. If the update is not available yet and your Chrome version is lower than 94.0.4606.61, revisit this Settings page frequently. Remember that Chrome must be restarted for updates to take effect.

The news article, New Google Chrome vulnerability puts 2.65 billion users at risk appeared first on NewsBytes.

Also see: Google fixes 11 Chrome browser bugs, including two zero-day vulnerabilities
Windows MSHTML zero-day vulnerability actively exploited for remote code execution
Chrome's latest mobile update gives major boost to password security
Read more on Science by NewsBytes.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting