March 23, 2023

Microsoft’s Patch Tuesday with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer’s MSHTML web rendering code followed by Google’s latest Chrome security advisory, which includes a zero-day patch (CVE-2021-30551) to Chrome’s JavaScript engine amongst its 14 officially listed security fixes.

This bug is listed as a “type confusion in V8“, where V8 is the part of Chrome that runs JavaScript code, and type confusion means that you can feed V8 one sort of data item but trick JavaScript into handling it as if it were something else, possibly bypassing security checks or running unauthorised code as a result.

Google isn’t saying whether the CVE-2021-30551 bug can be used for full-on remote code execution which, in the context of a browser, usually means that you are vulnerable to a drive-by download.

A drive-by means that merely viewing a website, without clicking on any popups or seeing any “Are you sure?” warnings, could allow crooks to run rogue code invisibly and implant malware on your computer.

However, CVE-2021-30551 only gets a High rating, with just one bug that isn’t in the wild (CVE-2021-30544) denoted Critical.

Tags:

Leave a Reply

Related Post

Google now let you Untrusted Extension

Google now let you Untrusted Extension

June 6, 2021
Chrome Patch Day

Chrome Patch Day

May 12, 2021

You may have missed

Microsoft Snipping Tool Vulnerability

Microsoft Snipping Tool Vulnerability

March 23, 2023
Google Cloud Armor Advanced DDoS Protection

Google Cloud Armor Advanced DDoS Protection

March 22, 2023
BreachForums Curtains Down

BreachForums Curtains Down

March 22, 2023
Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
%d bloggers like this: