15 September 2021

Google patches two Chrome zero-days exploited in the wild


Google patches two Chrome zero-days exploited in the wild

Google has rolled out Chrome 93.0.4577.82 for Windows, Mac, and Linux, which fixes 9 CVEs, including two zero-day flaws actively exploited in the wild.

The two zero-day vulnerabilities are CVE-2021-30632 and CVE-2021-30633. The first bug is an out-of-bounds write issue affecting the V8 JavaScript engine. The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

CVE-2021-30633 is a use-after-free bug in the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” the company said without providing any additional information about the attacks.

Earlier this week, Apple released security updates for macOS, iOS, iPadOS, and watchOS to address two zero-day vulnerabilities, one of which was exploited in order to deploy the FORCEDENTRY exploit developed by Israeli spyware maker NSO Group on phones of multiple activists earlier this year.

Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021