These vulnerabilities are also relevant to other browsers based on the Chromium engine - for instance, Microsoft recommends updating Edge to version 94.0.992.38. Therefore, Google advices all Chrome users to immediately update browser to version.
What’s worse: according to Google cybercriminals have already exploited two of these three vulnerabilities. Google experts consider one of the vulnerabilities as critical and the other two as highly dangerous. Additionally, these restrictions may be maintained until most users update their Chrome browsers with these fixes.Google has released an emergency update for the Chrome browser that addresses three vulnerabilities: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google has decided to limit access to the details of these exploits since third party related software and projects may not have been updated with the security fixes. This exploit was characterized by the combined efforts of Clement Lecigne at Google TAG, who was supported by Sergie Galzunov and Mark Brand based at Google Project Zero on September 21. Moreover, CVE-2021-37976 was designated as a medium-level security flaw and was stated to cause an “information leak in core”. Meanwhile, CVE-2021-37975 was found by an anonymous source on September 24 and this bug appeared in the V8 JavaScript engine. The CVE-2021-37974 bug affected safe browsing and was noted on September 1 by Weipeng Jiang who is affiliated with Codesafe Team of Legendsec at Qi’anxin Group. The “use after free” flaws have been identified as CVE-2021-37974 and CVE-2021-37975 and are both considered high risk as they may cause data corruption. Security experts as well as external researchers have detected key bugs and exploits such as “use after free” bugs and information leaks.
0 kommentar(er)
