Articles A patch for another 0-day vulnerability in Google Chrome...

A patch for another 0-day vulnerability in Google Chrome has been released

-

Google developers released Chrome version 90.0.4430.85 (for Windows, Mac and Linux), eliminating a zero-day vulnerability that hackers have already actively exploited.

The issue is identified as CVE-2021-21224 and was reported by security analyst Jose Martinez of VerSprite Inc. The vulnerability is also known to be related to a type confusion bug in the V8 engine.

Martinez himself writes that the vulnerability is related to a PoC exploit for Chrome, which was posted on Twitter last week. At the same time, the researcher himself informed Google about the problem a week before this publication.

Let me remind you that the bug, the exploit for which was published on social networks, did not allow you to escape from the Chromium sandbox. That is, the attacker first needs to get out of the sandbox by combining the problem with other vulnerabilities.

Also in Chrome version 90.0.4430.85, minor bugs have been fixed, including:

  • CVE-2021-21222: V8 heap buffer overflow;
  • CVE-2021-21223: Mojo integer overflow
  • CVE-2021-21225: out of bounds memory access in V8;
  • CVE-2021-21226: use after free navigation issue.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you