Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google addresses a new Chrome zero-day flaw actively exploited in the wild

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited […]

Google Chrome Gemini Live

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited.

Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild.

This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in the wild.

Below is the list of the other nine zero-day vulnerabilities addressed in Chrome in 2021:

Both zero-day vulnerabilities fixed in Chrome 93.0.4577.82 were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632 is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flws is a use-after-free vulnerability that impacts the Indexed DB API. 

“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” reads the release note published by the company.

Google did not provide details about the attacks either information about the threat actors exploiting the vulnerabilities. The two vulnerabilities were reported by anonymous researchers.

The two zero-day flaws could be exploited to trigger a DoS condition and under specific circumstances they can allow attackers to escape the sandbox, perform remote code execution, and carry out other malicious activities.

The full list of bugs addressed with the latest release is:

  • [$7500][1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
  • [$7500][1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
  • [$5000][1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
  • [$TBD][1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
  • [$TBD][1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-26
  • [$TBD][1244568] High CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
  • [$TBD][1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
  • [$TBD][1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
  • [$TBD][1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

Google urges its users to update their Google Chrome installs to the latest version immediately.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Google)

[adrotate banner=”5″]

[adrotate banner=”13″]