Google Chrome emergency update addresses a total of 11 security flaws

Two major zero-day vulnerabilities were patched to avoid attacks

Urgent Google Chrome update fights zero-day flawsHackers use 2 vulnerabilities in the Google browser to attack. Urgent update issues to patch them.

Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux in the hope to fix eleven security vulnerabilities, two of them being zero-days, exploited in the wild.[1] Company shared the news and said that these exploits are active in the wild. The fresh update is currently rolling out globally in the Stable desktop channel. Within the next few days, it will become available to everyone. Google Chrome is said to check automatically for new updates the next time browser would be restarted.

Experts point out that this is the 10th zero-day exploit that Google had patched in 2021 alone. Many researchers applaud Google for its commitment to patching exploits relatively quickly. Sadly, browser bugs in the wild are among the most serious and threatening security flaws. Experts speculate, that now when some of them are patched, exploitation will ramp up yet again. It is also pointed out that in 20 years web browsing didn't become safer.[2]

Often such security bugs lead browsers to simply crash and in those times, hackers can exploit them to perform remote code execution, sandbox escapes, and other malicious and dangerous behavior. Google hasn't disclosed any further details regarding the attacks and severity of them, just simply concluded that both bugs have been exploited in the wild. Google shared information about the first exploit back in February 2021. The last one happened in July.

Apple is also dealing with zero-day exploits

Another global company Apple is also dealing with zero-day exploits. Just now Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities. One of the flaws could result in arbitrary code execution when processing maliciously crafted web content. Another could lead to arbitrary code execution when processing a maliciously crafted PDF document.[3]

The first flaw has been addressed with improved memory management and the second one has been remediated with improved input validation. Apple communicated that company is aware of a report that this issue may have been actively exploited and updates come weeks after researchers revealed details of a zero-day exploit. With the latest updates, Apple has patched a total of 15 zero-day vulnerabilities since the beginning of 2021.

Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices as the exploit is said to take advantage of a weakness in how Apple devices render images on the display. Citizen Lab said it reported its findings to Apple on September 7 and attributes the exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published.[4]

Zero-day exploits keep cybersecurity situations tense

A zero-day threat is usually an exploit that hasn’t been seen before and doesn’t match any known malware signatures. This makes it impossible to detect by traditional signature-matching solutions and it could exploit a previously unknown software vulnerability which is often named a zero-day vulnerability. It could also be a new malware variant delivered by traditional means.[5]

The number of new cyber threats continues to increase with dozens of new zero-day threats originating every day and impacting major global companies and businesses. In order to stay safe and protect their network, apps, and data, users should have an advanced threat prevention system that can test untrusted files, links, and emails. Safe internet and computer device usage practice should be followed as well.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions