Google patched Chrome for Windows, Mac, and Linux on Monday (September 13) to fix two zero-day flaws that hackers are actively using in their attacks. Nine other vulnerabilities were also fixed. To avoid becoming a sitting duck, update your browser as soon as possible.
To update Chrome on Windows or Mac, it is usually sufficient to close and re-launch the browser. However, on some Linux distributions, you will need to wait for the Chrome fix to be packaged with other software updates.
If Chrome does not update after restarting, move the mouse cursor over the three small vertical dots in the upper right corner of the browser window. Click on the dots, move the cursor down and hover over "Help" in the drop-down menu.
A small window will appear on the left side. Click on "About Google Chrome." The browser will either indicate that it is up to date or prompt you to update and then restart. The patched version of Chrome is 93.0.4577.82.
The two patched zero-day flaws were classified as CVE-2021-30632 and CVE-2021-30633, both reported to Google by an anonymous source (presumably the same source) on September 8.
They are called "zero-day" because hackers had already used them in attacks before Chrome's developers discovered them, so the developers did not have time to prepare a fix before the exploits began. They are the first zero-day patches to be applied to Chrome since mid-July.
The first was described as "out-of-bounds write in V8," which is Chrome's JavaScript engine that handles many moving parts on a web page. Google has patched half a dozen V8-related zero-day incidents this year.
The second flaw, characterized as "use after free in Indexed DB API," means that hackers figured out how to hijack the running memory allocated to the programming interface that handles JavaScript and database interaction.
JavaScript is one of the main components that make interactive websites possible. Before JavaScript, websites were largely static. Without JavaScript and similar technologies, opening a Gmail message without reloading the entire page would be impossible.
There is no information yet on who was using these two zero-day flaws or who was being targeted. However, most of the Chrome zero-day flaws fixed in 2021 were used by highly resourced state attackers who go after high-value targets, including political dissidents, foreign diplomats, or others whose computers or smartphones may contain a lot of valuable information. In other words, government spies are involved.
Other flaws that have been fixed include three in the Blink rendering engine that builds Chrome's web pages and two in the ANGLE graphics engine. While most of the finders are named, we liked the one identified only as "@SorryMybad."
Chrome shares the open-source Chromium codebase with several other browsers, not all of which have been updated as of this writing. Despite Microsoft's Patch Tuesday update yesterday (September 14), the Microsoft Edge browser was still based on Chromium 93.0.4577.63, and Opera was even further behind at Chromium 92.0.4515.159.
However, both Brave and Vivaldi have updated to the latest version of Chromium.
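The version comparison described above can be automated across a fleet. The following is an added example, not code from Google or from the original article: it extracts the Chromium build from a User-Agent string or from `--version` output and compares it with the patched build 93.0.4577.82. The function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Patched desktop build named in the article.
PATCHED = (93, 0, 4577, 82)

# Matches "Chrome/93.0.4577.63" in a User-Agent header, or
# "Google Chrome 93.0.4577.82" / "Chromium 93.0.4577.82" in --version output.
_VERSION_RE = re.compile(r"(?:Chrome/|Chrom(?:e|ium) )(\d+)\.(\d+)\.(\d+)\.(\d+)")


def chromium_version(text):
    """Return the Chromium build as a 4-tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def patch_status(text):
    """Classify one version string against the patched build."""
    version = chromium_version(text)
    if version is None:
        return "unknown"  # not Chromium-based, or version not exposed
    # Tuple comparison orders builds field by field (major, minor, build, patch).
    return "patched" if version >= PATCHED else "needs-update"


def audit(inventory):
    """Map each host name to its status; inventory is {host: version string}."""
    return {host: patch_status(text) for host, text in inventory.items()}


# Constructed sample inventory. The Chromium builds are the ones quoted in the
# article; host names and the Edg/ and OPR/ tokens are made up.
SAMPLE = {
    "ws-chrome": "Google Chrome 93.0.4577.82",
    "ws-edge": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.0.0",
    "ws-opera": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 OPR/78.0.0.0",
    "ws-other": "Mozilla/5.0 (X11; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The check compares upstream Chromium build numbers only, so it cannot tell whether a downstream browser has backported a fix into an older build.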
Below is a list of updates to Chrome desktop over the past six months of 2021.