Google Chrome Zero-Days Under Active Exploitation

Google has released a security advisory for Chrome users on Windows, Mac, and Linux, addressing seven security vulnerabilities. The release fixes two critical zero-day vulnerabilities that are being exploited in the wild, tracked as CVE-2021-38000 and CVE-2021-38003. Endpoints that have not been patched should be updated as soon as possible.

The flaws were discovered and reported by the Threat Analysis Group (TAG). The other high-severity issues addressed include three use-after-free vulnerabilities (CVE-2021-37997, CVE-2021-37998, CVE-2021-38002), a data validation issue (CVE-2021-37999), and a type confusion vulnerability (CVE-2021-38001).

At the time of writing, details of attacks where both zero-days are being exploited have not been made public.


Zero-Day CVE-2021-38000

This vulnerability, exploited in the wild, exists in Chrome Intents. It arises from insufficient validation of untrusted input in Intents. Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group discovered and reported this issue.

Zero-Day CVE-2021-38003

This vulnerability, exploited in the wild, exists in the Chrome V8 JavaScript engine. The flaw is due to an inappropriate implementation in V8. This issue was discovered and reported by Clement Lecigne of Google Threat Analysis Group.

Google added in the advisory:

"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild."


Affected products

Google Chrome versions before 95.0.4638.69.


Impact

The vulnerabilities allow attackers to cause a program to crash, execute code, obtain potentially sensitive information, and bypass security restrictions on the affected system.


Solution

Google has released security updates addressing these issues in Google Chrome version 95.0.4638.69.


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.
