Lucene search

K
thnThe Hacker NewsTHN:1A836FDDE57334BC4DAFA65E6DFA02E4
HistorySep 14, 2021 - 4:08 a.m.

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

2021-09-1404:08:00
The Hacker News
thehackernews.com
126

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Google Chrome

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.

Tracked as CVE-2021-30632 andCVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8.

As is typically the case, the company said it’s “aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild” without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them.

With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year —

Chrome users are advised to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux by heading to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaws.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P