Last Updated on September 14, 2021 by Calvin C.
The latest version of Google Chrome at the time of writing is 93.0.4577.82, and if you are a Chrome user, update to it right away. With this update, Google has patched 2 Chrome zero-days that are currently being exploited in the wild.
In the release notes detailing the fixes, Google highlighted that the company “is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.”
A list of security fixes and bounties collected for the patches is included in the Google report.
The researchers quietly alerted Google about the zero-day flaws on the 8th of September 2021 and the company moved quickly to address the issues.
As per protocol, announcement of the flaws was only done after the fixes were in place and full technical details will only be released when the majority of Chrome users have updated their browsers.
To force your Chrome browser to fetch the latest update, do the following:
Go to Menu > Help > About Google Chrome
Chrome will automatically check for the latest update and prompt you to relaunch the browser.
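To check more than one machine, the version each one reports can be compared against the patched build 93.0.4577.82. The following is an added example, not part of the original article or Google's release notes; the host names and version strings are constructed sample data, and the input is assumed to look like the output of `google-chrome --version` on Linux.

```python
import re

# Patched build named in the article.
PATCHED = (93, 0, 4577, 82)

# Matches a four-part Chrome build number anywhere in a version string.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the build as a tuple of four ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, patched=PATCHED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        # No version could be read (missing binary, failed probe): follow up by hand.
        return "unknown"
    # Tuples compare numerically field by field, so 93.0.4577.9 sorts below
    # 93.0.4577.82; a plain string comparison would get that wrong.
    return "patched" if version >= patched else "vulnerable"


def audit(inventory):
    """Map each host to its status from (host, version string) pairs."""
    return {host: classify(reported) for host, reported in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("laptop-01", "Google Chrome 93.0.4577.82"),
    ("laptop-02", "Google Chrome 93.0.4577.63"),
    ("laptop-03", "Google Chrome 93.0.4577.9"),
    ("kiosk-07", "Google Chrome 92.0.4515.159"),
    ("desk-11", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as safe.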
Without the update, attackers can use the two security flaws for remote code execution, crashes or corruption of data.
The 9 bugs fixed by the update, including the two zero-days, are as follows:
- CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
- CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
- CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
- CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2021-08-18
- CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-26
- CVE-2021-30630: Inappropriate implementation in Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
- CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
- CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
- CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08
The new Chrome version is part of a Stable channel update, so in the coming days or weeks the new version will roll out to all major operating systems.
This brings the number of zero-day flaws patched by Google in 2021 to 10. Of note is that most of these zero-day flaws affect the V8 engine. The zero-days patched earlier in the year are:
- CVE-2021-21148 – (February)
- CVE-2021-21166 – (March)
- CVE-2021-21193 – (March)
- CVE-2021-21220 – (April)
- CVE-2021-21224 – (April)
- CVE-2021-30551 – (June)
- CVE-2021-30554 – (June)
- CVE-2021-30563 – (July)
In other news, if you have an Apple device, make sure you update the operating system to the latest version. Read more details about the supported devices in this article.
Have you updated your Chrome browser? You can easily update to the latest version of Chrome by following the steps highlighted above.
Cybercriminals take advantage of vulnerabilities in apps and software to get access to your device. Maintaining a good cyber hygiene protocol is one way to protect your systems from attacks.
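Another way is to use a VPN when you are online, as this encrypts your traffic between your device and the VPN server so that others on the network path, such as your ISP or a public Wi-Fi operator, cannot see what sites you visit. People are becoming more aware of the need to keep part of their internet activity private.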