November 30, 2023

The zero-day patched and reported by Google Project Zero’s is described as a type confusion bug in V8, Google’s open-source C++-based and high-performance Web Assembly and JavaScript engine.

Even though type confusion weaknesses would generally lead to browser crashes following successful exploitation by reading or writing memory out of the bounds of the buffer, they can also be exploited by threat actors to execute arbitrary code on devices running vulnerable software.

Google said that it is aware of CVE-2021-30563 in the wild exploitation, it did not share info regarding these attacks to allow the security update to deploy on as many systems as possible before more threat actors start actively abusing.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix, We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. Google Stated….

Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > ‘About Google Chrome.’

Leave a Reply

%d bloggers like this: