GOOGLE CHROME UNDER MASSIVE ATTACK
GOOGLE WARNS 2 BILLION CHROME USERS.
Attacks against Chrome are on the rise and Google has confirmed two more critical hacks.
Shutterstock
In a new blog post, Google reveals that Chrome's 12th and 13th zero-day operations (CVE-2021-37975 and CVE-2021-37976) have been discovered and are affecting Linux, macOS, and Windows users. The zero-day hack is critical because it is discovered by hackers before Google can release a fix. This puts Chrome users in direct danger. Google reiterates this, stating that it is "aware of the exploits of CVE-2021-37975 and CVE-2021-37976 occurring in nature".
Like logs, Google restricts information on both hacks to get Chrome users time to upgrade. The only details the company discloses below, along with one additional high-ranked threat:
.High-CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) of Codesafe Team of Legendsec at Qi'anxin Group on September 1, 2021
.High-CVE-2021-37975: Use after free in V8. Reported by anonymous on 09/24/2021
.Medium-CVE-2021-37976: Core information leak. Reported by Clément Lecigne of Google TAG, with technical assistance from Sergey Glasunov and Mark Brand of Google Project Zero on 21/09/2021
In particular, the first zero-day attack was the Use-After-Free (UAF) vulnerability, which has been targeted by hackers multiple times in recent months. Double-digit UAF attacks were recorded on Chrome in September and October, looking the same. A UAF vulnerability is a memory exploit when a program is unable to clear a pointer to memory after it has been published.
To address this, Google released an important update. The company warns Chrome users that the deployment will be distributed so that not everyone can immediately fight back. To ensure your safety, go to Settings > Help > About Google Chrome. If your Chrome version is 94.0.4606.71 or higher, you are safe. If updates are not yet available for your browser, check for new versions regularly.
And remember the last important step. Even after the update, Chrome is not safe until it restarts. Google quickly fixed the Chrome hack, but hackers found a wide variety of Chrome users who didn't realize after installing the update that they were still vulnerable. Now check your browser.
Like logs, Google restricts information on both hacks to get Chrome users time to upgrade. The only details the company discloses below, along with one additional high-ranked threat:
.High-CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) of Codesafe Team of Legendsec at Qi'anxin Group on September 1, 2021
.High-CVE-2021-37975: Use after free in V8. Reported by anonymous on 09/24/2021
.Medium-CVE-2021-37976: Core information leak. Reported by Clément Lecigne of Google TAG, with technical assistance from Sergey Glasunov and Mark Brand of Google Project Zero on 21/09/2021
In particular, the first zero-day attack was the Use-After-Free (UAF) vulnerability, which has been targeted by hackers multiple times in recent months. Double-digit UAF attacks were recorded on Chrome in September and October, looking the same. A UAF vulnerability is a memory exploit when a program is unable to clear a pointer to memory after it has been published.
To address this, Google released an important update. The company warns Chrome users that the deployment will be distributed so that not everyone can immediately fight back. To ensure your safety, go to Settings > Help > About Google Chrome. If your Chrome version is 94.0.4606.71 or higher, you are safe. If updates are not yet available for your browser, check for new versions regularly.
And remember the last important step. Even after the update, Chrome is not safe until it restarts. Google quickly fixed the Chrome hack, but hackers found a wide variety of Chrome users who didn't realize after installing the update that they were still vulnerable. Now check your browser.
In particular, the first zero-day attack was the Use-After-Free (UAF) vulnerability, which has been targeted by hackers multiple times in recent months. Double-digit UAF attacks were recorded on Chrome in September and October, looking the same. A UAF vulnerability is a memory exploit when a program is unable to clear a pointer to memory after it has been published.
To address this, Google released an important update. The company warns Chrome users that the deployment will be distributed so that not everyone can immediately fight back. To ensure your safety, go to Settings > Help > About Google Chrome. If your Chrome version is 94.0.4606.71 or higher, you are safe. If updates are not yet available for your browser, check for new versions regularly.
And remember the last important step. Even after the update, Chrome is not safe until it restarts. Google quickly fixed the Chrome hack, but hackers found a wide variety of Chrome users who didn't realize after installing the update that they were still vulnerable. Now check your browser.
Comments
Post a Comment