Chrome has just released a new update that includes a number of security fixes. In total, five security flaws, one of which is classified as “critical”, are addressed by patches included in the update. The most serious security vulnerability, tracked as CVE-2021-4102, is a “use-after-free” bug that resides in V8, the JavaScript and WebAssembly engine.
A “use-after-free” bug is a problem that occurs when a program references a memory location that has just been freed. Exploitation of this flaw results in memory corruption, which can allow hackers to execute arbitrary code. Google is avoiding giving too many details about the specific security issue at this point, to protect users until the majority of people have been able to install the update.
This Chrome security flaw is actively exploited by hackers
Google states that this security flaw, discovered by an anonymous researcher, is currently being actively exploited by malicious actors. “Google is aware that an exploit of the CVE-2021-4102 vulnerability exists in the wild”. We don’t yet know who these actors are, exactly how the flaw was exploited, or what its harmful effects on Internet users’ personal data are.
However, this is not the first time researchers have detected this type of defect in the V8 JavaScript engine. On September 30, Google had already addressed two similar flaws through an update that was highly recommended. This type of bug exists mostly in the most complex components, due to error conditions and other exceptional circumstances, or to confusion as to which part of the program is responsible for freeing memory.
A total of 17 security holes have been fixed since the beginning of the year. It is therefore strongly recommended to install this Chrome update (96.0.4664.110):
- CVE-2021-21148 – Heap buffer overflow in V8
- CVE-2021-21166 – Object lifecycle issue in audio
- CVE-2021-21193 – Use after free in Blink
- CVE-2021-21206 – Use after free in Blink
- CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64
- CVE-2021-21224 – Type confusion in V8
- CVE-2021-30551 – Type confusion in V8
- CVE-2021-30554 – Use after free in WebGL
- CVE-2021-30563 – Type confusion in V8
- CVE-2021-30632 – Out-of-bounds write in V8
- CVE-2021-30633 – Use after free in Indexed DB API
- CVE-2021-37973 – Use after free in Portals
- CVE-2021-37975 – Use after free in V8
- CVE-2021-37976 – Information leak in core
- CVE-2021-38000 – Insufficient validation of untrusted input in Intents
- CVE-2021-38003 – Inappropriate implementation in V8
To force an update of your browser, open the menu at the top right, next to your avatar, and go to Help > About Google Chrome. If an update is available, it will be downloaded and installed automatically.
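To check several machines against the fixed build named above, this added example (not part of the original article; the host names and reported version strings are constructed) compares Chrome versions numerically, because a plain string comparison would wrongly rank 96.0.4664.93 above 96.0.4664.110.

```python
import re

# Fixed build named in the article above.
PATCHED = "96.0.4664.110"

# Matches a four-part Chrome version anywhere in a line, e.g. the output of
# `google-chrome --version` ("Google Chrome 96.0.4664.93").
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(reported, patched=PATCHED):
    """True if the reported build is older than the patched one.

    Returns None when no version can be parsed, so unparseable hosts are
    surfaced for follow-up instead of being silently treated as patched.
    """
    current = parse_version(reported)
    if current is None:
        return None
    # Tuples of ints compare component by component: (.., 93) < (.., 110).
    return current < parse_version(patched)


def audit(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {host: labels[needs_update(line)] for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts and reported strings).
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.93",
    "ws-02": "Google Chrome 96.0.4664.110",
    "ws-03": "Google Chrome 95.0.4638.69",
    "ws-04": "Google Chrome 97.0.4692.20 beta",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```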