Google has revealed that the latest version of its Chrome web browser fixes eleven security vulnerabilities, two of which are potentially serious zero-day exploits.
Additionally, the research giant revealed that it knew two of the eleven bugs, tracked as CVE-2021-30632 and CVE-2021-30633, were being exploited in the wild.
Interestingly, these two zero-days were the only vulnerabilities listed as having been submitted anonymously on September 8.
Although Google has admitted that zero days are exploited in the wild, it has not shared any details about the attacks.
Output report, Bleeping Computer Shares that while memory bugs often lead to browser crashes, they can be exploited to execute remote code, sandbox escapes, and other malicious activity.
Apparently these two zero-days bring the total number of zero-day vulnerabilities fixed in Chrome Web browser in 2021 to ten.
“This step highlights the focus of bad actors on browser exploits, with Chrome clearly becoming a favorite, allowing a streamlined way to access millions of devices regardless of operating system,” said said Kevin Dunne, president of cybersecurity provider Pathlock, shared with ZDNet.
John Bambenek, Senior Threat Hunter at Netenrich got a head start and said ZDNet that since the vulnerabilities have now been patched, users can expect increased exploitation.
Going through ZDNet
- Google fixes 10th day zero of Chrome mined in the wild this year
- Google Chrome’s next update will sacrifice performance in the name of security
- Apple Fixes Another Zero Day Used To Deploy NSO iPhone Spyware
- Apple fixes iOS zero day used to deploy iPhone NSO spyware
- Netgear Fixes Serious Security Bugs in Over a Dozen Smart Switches
- Apple fixes new zero-day bug used to hack iPhones and Macs
- Google tests if the “Chrome / 100.0” user agent breaks websites
- Netgear smart switches could have been hijacked by serious security flaws
- Chrome Manifest V2 extensions will stop working in 2023