[ad_1]
Now is not the time to panic. As with many other software applications that receive regular and continuous updates, Google’s Chrome browser is no stranger to security issues and vulnerabilities. That said, this is exactly why it is important to keep your software up to date at all times. Over the past week, Google rolled out two incremental updates to Chrome 94 that included three known exploits confirmed in the wild. So, before we go any further, you need to go to Chrome’s settings menu and check for an update. The latest version of the desktop Chrome browser for Windows, Linux, and macOS is 94.0.4606.71. If you are not on this version, you will want to update as soon as possible.
Last week’s update contained a high-level vulnerability while this week’s update contains four bug fixes. Two of them have been confirmed by Google to have zero-day exploits in nature, meaning that someone has actively attempted to attack a system using weak software. Below is the list of fixes deployed in this release. The former gave the Codesafe team a bug bounty of $ 20,000 for reporting the issue to the Chrome team.
Advertisement
- [$20000][1245578] High CVE-2021-37974: Use after free in safe browsing. Reported by Weipeng Jiang (@Krace) of the Codesafe Team of Legendsec of Qi’anxin Group on 2021-09-01
- [$TBD][1252918] High CVE-2021-37975: Use after free in V8. Reported by Anonymous on 2021-09-24
- [$NA][1251787] Average CVE-2021-37976: Information leak in the kernel. Reported by Clément Lecigne of Google TAG, with technical assistance from Sergei Glazunov and Mark Brand of Google Project Zero on 2021-09-21
- [1254756] Various fixes from internal audits, fuzzing and other initiatives
I won’t claim to know exactly what all of the above mean, but I did a little research on the high-level security vulnerabilities mentioned in the bug reports. “Use after free” is a term used when memory is accessed for a specific purpose, but the software does not “look” when it has finished using the resource. In terms that I can understand. Let’s say you have a closet in your house that contains all of your personal information and anything of value to you. This door is locked at all times unless you are using it. Now you need your social security card. You will unlock the door to get it back but when you leave you don’t lock the door behind you. This unlocked door can now be used by someone else for nefarious reasons, like stealing your precious collection of teaspoons. It’s mind-numbing but you catch what I’m throwing.
That puts Chrome at over a dozen zero-day exploits for 2021. That’s a decent amount, but let’s remember that Chrome now updates on a four week cycle and bugs like this are to be expected in the software. This is especially true when we are talking about web browsers which are essentially the gateway to the whole Internet. Google is rushing to fill in the gaps and release new versions to lessen the danger. So keep your browser up to date and enjoy safe browsing no matter where the web takes you. You can read more about the update here.
Advertisement
[ad_2]
Source link