cloudThing logo in white
Menu open icon
email: info@cloudthing.com
tel: +44 (0) 121 393 4700
Menu closed icon

General

Generally useful pages

Sectors

We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

Urgent Chrome Update Released To Fix Zero-Day Bug

Mon Jun 14 2021

Google also released thirteen other urgent fixes in the update

An urgent fix for the Chrome browser has been released by Google to fix fourteen security vulnerabilities, including one zero-day, that was being exploited by as of yet, unidentified, hackers.

Google have released information to show that Chrome's stable channel has now been updated to 91.0.4472.101 for Windows, Mac and Linux, and it’ll be rolled out over the coming days/weeks.

 

Unlike previous zero-day vulnerabilities, Google have released very few details about this one, other than it stemmed from a type confusion issue in V8, Google's open-source and JavaScript engine.

V8 is used by Chrome and many other browsers, such as Microsoft Edge, Brave, Opera and Vivaldi, that are all based on the Chromium project.

 

This particular zero-day bug, now indexed as CVE-2021-30551, was discovered by Sergei Glazunoz of the Google Project Zero. Commenting on the discovery, Google said they were aware that an exploit for CVE-2021-30551 did exist out in the wild.

 

Shane Huntley, director of Googles Threat Analysis Group, said on Twitter that this new zero-day was used by the same cyber actor who’d exploited CVE-2021-33742, a patch for which was released by Microsoft last week.

 

In related news, researchers from cyber security company Kaspersky think they’ve discovered a new threat actor they’ve dubbed the PuzzleMaker, who’s been using Google Chrome and Windows 10 zero-day exploits to target multiple firms around the globe.

 

The other patches released by Google this week to patch security flaws were:

 

  • CVE-2021-30544:  Use after free in BFCache (Critical risk)
  • CVE-2021-30545: Use after free in Extensions (High)
  • CVE-2021-30546: Use after free in Autofill (High)
  • CVE-2021-30547: Out of bounds write in ANGLE (High)
  • CVE-2021-30548: Use after free in Loader (High)
  • CVE-2021-30549: Use after free in Spell check (High)
  • CVE-2021-30550: Use after free in Accessibility (High)
  • CVE-2021-30552: Use after free in Extensions (Medium)
  • CVE-2021-30553: Use after free in Network service (Medium)

 

Your Chrome browser should install these patches automatically but if you’re worried you can force a manual update by going to Settings > Help > About Google Chrome

Not Quite Ready To Get Back To Work Just Yet?

MEMBERSHIP OF TRADE UNIONS RISES FOUR YEARS IN A ROW… BUT IS STILL ONLY HALF THE LEVEL OF THE ‘THATCHER YEARS’

DONATIONS TO SAVE THE CHILDREN FELL BY £18M IN 2020 – FORCING “SUBSTANTIALLY REDUCED SPENDING”

COMMERCIALLY AFFORDABLE FUSION POWER IS NEARLY HERE… THANKS TO A UK TEAM

© cloudThing 2021

Mon Jun 14 2021

email iconinfo@cloudthing.com
© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739