Articles Emergency patches for Chrome address multiple 0-day vulnerabilities

Emergency patches for Chrome address multiple 0-day vulnerabilities


Google has released Chrome 95.0.4638.69 for Windows, Mac and Linux. Two zero-day vulnerabilities that were actively exploited by cybercriminals have been fixed in the browser.

The developers warn that exploits have already been created for the vulnerabilities CVE-2021-38000 and CVE-2021-38003, which are used by hackers, but the company has not yet disclosed the details of these attacks. This is a normal practice for Google, as the company does not share any details about the bugs themselves or about the scenarios for their use if the vulnerability is under attack. In this way, Google gives users time to install patches before other attackers begin to abuse fresh bugs.

In total, seven vulnerabilities have been fixed in this Chrome release, two of which are categorized as 0-day. The first day zero, CVE-2021-38000, is described as insufficient validation of the untrusted input in Intents and was assigned a high severity. The problem was discovered internally by Google Threat Analysis Group in September 2021.

The second day zero, CVE-2021-38003, is an implementation issue in the Chrome V8 JavaScript engine. This vulnerability was also discovered by an expert from the Google Threat Analysis Group last week.

Since both vulnerabilities were exploited in attacks, all Chrome users are advised to manually update their browser to install the latest version as quickly as possible.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you