Google Chrome zero-day flaw under attack — what to do now

1. Home
2. News
3. Security

Google Chrome zero-day flaw under attack — what to practice at present

(Image credit: monticello/Shutterstock)

Google has updated Chrome to fix 14 security flaws, including one "nix-24-hour interval" flaw that'due south actively being exploited by hackers unknown.

To make certain your desktop version of Chrome for Windows or Mac is updated to version 91.0.4472.101, click the three vertical dots at the top correct of the browser window, curl down to Help, and then click on "Nigh Google Chrome" in the fly-out menu.

A new tab volition open. If information technology tells you your browser is up-to-appointment, you're washed. If not, it will automatically download the new version, after which you take to relaunch the browser. (Linux users may have to wait for their distribution's adjacent update.)

• Microsoft fixes half dozen nada-day flaws in Windows x — update right at present
• The best Windows 10 antivirus software
• Plus: How to sentinel In the Heights online or in theaters

The nix-mean solar day, catalogued as CVE-2021-30551, is related to a Windows flaw, also a zilch-twenty-four hours, that Google researchers discovered last week and Microsoft patched yesterday (June viii). That's according to Shane Huntley, manager of Google's Threat Analysis Grouping.

Chrome in-the-wild vulnerability CVE-2021-30551 patched today was too from the same actor and targeting.Thanks to Chrome team for as well patching inside vii days.https://t.co/1RDbbuiBfY https://t.co/Ap9dEq98CyJune 9, 2021

Come across more

The Chrome zero-solar day is categorized in today'due south Chrome Releases weblog post as due to "type confusion in V8." V8 is the open-source JavaScript rendering engine used past Chrome and other browsers based on the Chromium project, including Brave, Microsoft Edge, Opera and Vivaldi.

None of those other four browsers had incorporated the Chrome patch at the fourth dimension of this writing Wednesday evening Eastern time, but we'll show you how to bank check at the end of this piece.

It's not articulate how technically similar the Chrome and Microsoft cypher-days are. The Microsoft i affects HTML parsing used in Cyberspace Explorer and other legacy software, but that software is used by the Chromium-based Edge only when in "Internet Explorer mode."

Bleeping Computer noted that this is the 6th Chrome cypher-day flaw patched so far in 2021. Two patched by Google in April were used in conjunction with two Microsoft flaws discovered past Kaspersky and patched by Microsoft yesterday (June viii).

All of these nil-day flaws seem to accept been used in sophisticated nation-state attacks against specific targets, presumably for espionage purposes. But as details leak out about the flaws, criminals may start using them for more indiscriminate attacks against a wider range of targets.

The security take chances of today's Chrome zero-day is rated "High." However, in that location'south another fix for a flaw marked "Critical" that involves "use after gratuitous in BFCache," which ways that a vulnerability exists in the mode Chrome holds recently viewed web pages in a reckoner'southward running retentivity.

How to check if Edge, Brave, Opera or Vivaldi are up to date with Chrome

Here'due south a list of the most recent Chrome/Chromium updates.

• June 9: 91.0.4472.101
• May 25: 91.0.4472.77
• May 10: 90.0.4430.212
• April 26: 90.0.4430.93
• April 20: 90.0.4430.85
• Apr 14: xc.0.4430.72
• April 13: 89.0.4389.128
• March 30: 89.0.4389.114
• March 12: 89.0.4389.xc
• March 5: 89.0.4389.82
• March 2: 89.0.4389.72

Among other Chromium browsers, Brave uses Chrome's version numbers, so information technology's piece of cake to see whether it'south up to date.

In Edge, you lot have to type "edge://version" into the accost bar and hit Enter or Render.  In the resulting page, "User agent" will tell you the respective version of Chrome. Edge and Dauntless tin exist updated the aforementioned way every bit Chrome.

In Opera and Vivaldi, click the browser icon in the superlative left corner, then Aid > About. Under "User Agent" or "Browser Identification," you'll run across the respective Chrome version number.

In Opera, that page will also trigger an update if i is available; in Vivaldi, you click Assistance > Cheque for Updates.

• Plus:Apple Wallet can supervene upon your driver's license — is this a skillful thought?

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry melt, long-haul driver, code monkey and video editor. He'due south been rooting effectually in the information-security space for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and fifty-fifty moderated a panel discussion at the CEDIA dwelling house-engineering briefing. You lot can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/chrome-91-update-2

Posted by: mutchpenot1977.blogspot.com

Share this post