Connect with us

GOOGLE NEWS SECURITY TECHNOLOGY

Google Issues Warning For 2 Billion Chrome Users
Advertisement

GOOGLE SEO

Understanding the Impact of Google's November 2024 Core Update on Global Search Rankings

GOOGLE

Google Warns About Misuse of Its Indexing API

GOOGLE NEWS

This Week in Search News: Simple and Easy-to-Read Update

AI GOOGLE

Exploring the Evolution of Language Translation: A Comparative Analysis of AI Chatbots and Google Translate

GOOGLE

Google Implements Stricter Guidelines for Mass Email Senders to Gmail Users

GOOGLE

Google's Next-Gen AI Chatbot, Gemini, Faces Delays: What to Expect When It Finally Launches

GOOGLE

Google Brings Bard Students Math and Coding Education in the Summer

GOOGLE TECHNOLOGY

Google Bard vs. ChatGPT: which is the better AI chatbot?

GOOGLE

Google to pay $391.5 million settlement over location tracking, state AGs say

GOOGLE

Google Issues Warning For 2 Billion Chrome Users

Published

3 years ago

on

Main Article Image - Google Chrome

Chrome’s 2.6 Billion users need to be alert again (for the 2nd time in a week), as Google has confirmed multiple high-level hacks to the browser.

Just days after Chrome’s 12th (and 13th) ‘zero-day’ exploits this year were discovered, Google published a blog post that revealed four vulnerabilities. Users must take immediate action.

Google currently restricts information about hacks in order to make it easier for Chrome users to upgrade. This is a standard practice. We have only the following information:

  • High – CVE-2021-37977 : Use after free in Garbage Collection. Report by Anonymous, 2021-09-24
  • High CVE-2021-377978 : Blink buffer overflow. Reported by Yangkang, @dnpushme, of 360 ATA on 2021/08/04
  • High CVE-20237979 : WebRTC buffer overflow. Report by Marcin Towalski, Cisco Talos, on 2021-09/07.
  • High – – Inappropriate Implementation in Sandbox. Reported by Yonghwi Jin, @jinmo123, on 2021-09-30

These descriptions don’t offer much insight, but it’s interesting to see Chrome continue to be attacked with ‘Use After-Free’ ( UAF). In September, the browser was subject to double-digit UAF attacks. This month, hackers exploited a zero day UAF flaw in chrome.

It was less surprising to see a pair Heap buffer overload exploits listed. This is a memory vulnerability, also known as Heap Smashing. However, it is not a common avenue for Chrome hackers in recent months. The heap contains program data and is dynamically allocated. Critical data structures may be overwritten by an overflow making it a prime target for attackers.

Google responded by releasing a critical update. Google warns Chrome users that rollouts will be delayed so that not all will be protected immediately. To verify if you are safe, go to Settings >Help > About Google Chrome. You are safe if your Chrome version is at least 94.0.4606.81. You can still update your browser if the update is not available.

Remember the last step after you have updated Chrome: Chrome cannot be restarted until it is safe again. This makes it a two-way operation. Google can speed track fixes to Chrome hacks but users will not be protected if they do not restart their browsers after updating. Hackers count on this false sense of security. Go check your browser now.

Advertisement

First seen at: Forbes

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Related Topics:
Click to comment

You must be logged in to post a comment Login

Leave a Reply