
  • 01 Jul, 2024

Latest Chrome Release Fixes Zero-Day Flaw of High Severity Patched by Google


Google has released a new update for its popular web browser, Google Chrome, which fixes a zero-day vulnerability of high severity. The vulnerability, which could have allowed hackers to execute arbitrary code and take control of a user's system, was discovered by the Google Threat Analysis Group (TAG).

The vulnerability, tracked as CVE-2021-21193, was found in the V8 JavaScript engine used by Google Chrome. According to Google, the vulnerability was caused by a heap buffer overflow issue in the V8 engine, which could be triggered by a specially crafted web page. If exploited, the vulnerability could have allowed an attacker to execute arbitrary code on the victim's system, effectively taking control of it.


Google said that it had become aware of the vulnerability being actively exploited in the wild. In response, the company released a patch for the vulnerability, which was included in the latest version of Google Chrome (version 90.0.4430.85).
 

The update also includes fixes for several other security vulnerabilities. One of the vulnerabilities fixed in the update was a use-after-free vulnerability in the WebAudio component of Google Chrome. This vulnerability, tracked as CVE-2021-21194, could have allowed an attacker to execute arbitrary code on the victim's system.
 

Another vulnerability fixed in the update was a heap buffer overflow vulnerability in the ANGLE graphics library used by Google Chrome. This vulnerability, tracked as CVE-2021-21195, could have allowed an attacker to execute arbitrary code on the victim's system.
 

Google recommends that all Google Chrome users update their browsers to the latest version as soon as possible to protect themselves from these vulnerabilities. Users can update their browsers by clicking on the three dots in the top-right corner of the browser window, selecting "Settings", then "About Chrome", and then clicking on "Check for updates".
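For administrators who need to confirm the update across many machines, the following added example (not from Google or the original article) classifies reported Chrome version strings against the patched release named above, 90.0.4430.85. The hostnames and the inventory format are assumptions; the comparison is done on integer tuples because plain string comparison misorders versions such as 100.x and 90.0.4430.9.

```python
import re

# Patched release named in the article.
PATCHED = (90, 0, 4430, 85)

# Chrome versions have four dot-separated numeric components.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part version from a reported string, or return None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text, patched=PATCHED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no parseable version: needs manual follow-up
    # Tuple comparison is numeric per component, unlike string comparison.
    return "patched" if version >= patched else "vulnerable"


def audit(inventory):
    """Map each host to its status; inventory is {host: reported string}."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hostnames and reported strings are made up).
SAMPLE = {
    "ws-01": "Google Chrome 90.0.4430.85",
    "ws-02": "Google Chrome 90.0.4430.72",
    "ws-03": "Google Chrome 89.0.4389.128 ",
    "ws-04": "Google Chrome 100.0.4896.60",  # sorts below "90..." as a string
    "ws-05": "Google Chrome 90.0.4430.9",    # sorts above "...85" as a string
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unverified rather than safe.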
 

In addition to releasing the patch for the zero-day vulnerability, Google has also provided additional information on the exploit used by attackers to take advantage of the vulnerability. According to Google, the attackers used a combination of the zero-day vulnerability and a recently patched vulnerability in Microsoft Windows to carry out their attacks.
 

The Windows vulnerability, tracked as CVE-2021-1732, was a privilege escalation vulnerability that allowed an attacker to elevate their privileges on a Windows system. By combining the Windows vulnerability with the Chrome zero-day vulnerability, the attackers were able to execute arbitrary code on a victim's system with elevated privileges.
 

Google did not provide any information on who the attackers were or who their targets were. However, the company did state that it had notified the appropriate authorities about the attacks.
 

The discovery and patching of the zero-day vulnerability in Google Chrome once again highlight the importance of keeping software up to date. Zero-day vulnerabilities are vulnerabilities that are unknown to the software vendor and are actively being exploited by attackers. These vulnerabilities are particularly dangerous because there are no patches available to protect users from them.
 

In this case, Google was able to quickly identify and patch the vulnerability, but there have been instances in the past where zero-day vulnerabilities have gone unpatched for months or even years, leaving users vulnerable to attacks.
 

Users can protect themselves from zero-day vulnerabilities by keeping their software up to date and by practicing good cybersecurity hygiene. This includes using strong, unique passwords for all accounts, enabling two-factor authentication where available, and being wary of suspicious emails, links, and attachments.
 

In conclusion, the discovery and patching of the zero-day vulnerability in Google Chrome highlight the ongoing efforts of both cybercriminals and cybersecurity professionals. While attackers will continue to look for vulnerabilities to exploit, software vendors and cybersecurity experts will continue to work tirelessly to identify and patch these vulnerabilities to keep users safe. As always, it is important for users to stay vigilant and take steps to protect themselves from these threats.