OZ Verified Business
Australia's No.1 Computer Support Company
Need Technical Support? 1300 723 628 Call Service is open 24 Hours/ 7 Days a Week

Call us now

Google Patches a Couple of Chrome Zero Days

Google Patches a Couple of

Google Chrome is one of the most popular internet browsers that both mobile and desktop users utilise. According to 2020 stats, this internet browser has a market share of about 65 percent globally across all types of devices. Google continuously releases updates to add new features and fix existing bugs and issues to provide people with the best user experience.

Google Patches a Couple of Chrome Zero Days

Google Patches a Couple of Chrome Zero Days

Latest Update for Google Chrome Users

On 13th September 2021, Google announced a new update for its internet browser that will be fixing 112 different high severity vulnerabilities. It’s important to note that it also includes fixes for the two most sensitive issues that are being exploited currently in the wild. The patch is released for all the major platforms, including Linux, Mac, and Windows. It’s a part of Google Chrome’s Stable Channel Update and belongs to version 93.0.4577.82.

If you want to check the current version of Chrome you are using, then consider following the steps mentioned below:

  • Step 1: Open your Google Chrome browser on your desktop, mobile, or any other device.
  • Step 2: Click or tap on the three vertical dots located on the top right corner of the browser’s main page.
  • Step 3: Now, you’ll see a menu with multiple options, and you’ll need to click or tap on the “Settings” one, which is the third last option.
  • Step 4: Now, the browser will open another page with a list of multiple options on the left-hand side, and you’ll need to click on the last option, which is labelled as “About Chrome.”

Here you’ll see the current version of the Google Chrome browser you are running, and ideally, it should be 93.0.4577.82 or later.

What About Edge and Brave Users?

It’s important to note that some other popular internet browsers, such as Microsoft Edge and Brave, are also based on Chromium. It means that these browsers are most likely to have the same vulnerabilities as well that Google aims to fix with its latest patch for Chrome. So if you are a Brave of Microsoft Edge user, then you’ll need to keep an eye out for the latest patches and updates to get your browsers fixed.

The Vulnerabilities

The latest patch that Google released fixed the vulnerabilities with high severity. These vulnerabilities were reported by some independent researchers to Google in the early days of August 2021. Google has also mentioned the names in the announcement of the researchers and developers who discovered the flaws.

The two most sensitive flaws or vulnerabilities that were being exploited actively were:

The first vulnerability is related to the V8 JavaScript engine and is known as “Out of Bounds Write.” The second one is the issue related to Indexed DB API, which is known as “Use After Free.” It’s important to note that both of these vulnerabilities were/are being exploited actively by cybercriminals. That’s why Google didn’t provide any information regarding how the hackers and threat actors are carrying out attacks against these weaknesses. There were also no precautionary measures available to the users to look out for.

hacker 2300772 1280

Hackers to exploit Google Zero Days vulnerabilities

V8 JavaScript Engine: A Thorn in Chrome

It’s not surprising to know that one of the vulnerabilities that are being exploited in the wild is related to the V8 JavaScript Interpreter of Google Chrome. It sits right at the heart of all the modern internet browsers and does pretty much all the heavy lifting to provide you with interactive web pages and apps. This component needs to be secure and fast to comply with all the bewildering web standards.

The V8 JavaScript engine of Chrome browsers has plenty of security problems. So much so, Microsoft announced an experimental project in August which is known as Super Duper Secure Mode. The purpose of this project was to tackle all the security problems related to the V8 JavaScript engine by turning off one of its important components, known as JIT. Microsoft did it because the company’s web browser, Edge, is also based on Chrome.

About half of the CVEs (Common Vulnerabilities and Exposures) reported against V8 were related to its JIT (Just in Time) compiler. Moreover, over half of all the “in the wild” vulnerabilities of Chrome browser abuse JIT bugs in one way or the other. Interestingly, turning off JIT means that you will be compromising speed to have more security. Resultantly, the JavaScript execution became twice as slow in the Microsoft Edge.

11 Zero-Days are Patched

In 2021, Google has successfully patched 11 different zero-day vulnerabilities, and the new updates are still coming. Despite the bad PR, Google Chrome still remains the most popular and most commonly used web browser in the world. You might love to use this internet browser as well, but it’s important to make sure that you keep it updated to have a secure and fast browsing experience.

 

References:

Written by The Original PC Doctor on 24/09/2021.

Share this page on your favourite platform by clicking one of the icons below:

Share your thought - leave a comment below:

Your email address will not be published. Required fields are marked *

*

Want a Quick Quote?

If you are experiencing any problems with your technology please enter your details below and one of our helpful helpdesk staff will contact you back in 30 minutes or less.

    Sign me up for the weekly newsletter

    We will never share your information with anyone.
    Privacy Policy.

    Customer Reviews
    The Original PC Doctor
    Average Rating: 4.5 out of 5
    *Based on 10441044 customer reviews collected via multiple sources (Word of Mouth, Product Reviews, Google Reviews and our feedback system.
    The Original PC Doctor reviews
    The Original PC Doctor - 20 years of business excellence