January 18, 2022

TheCyberThrone

Thinking Security ! Always

Google Fixes 17th Zero Day

If you employ Google’s Chrome browser on your desktop, be aware there’s an update available that patches up a handful of security flaws, including a zero-day vulnerability that is being actively exploited in the wild.

Advertisements

That particular vulnerability is being tracked as CVE-2021-4102 with a ‘High’ rated threat level. The specific details of the bug are “Reserved,” meaning they are not yet available to disseminate by the general public. That’s fairly common, as Google wants to ensure that Chrome users are properly patched and protected before serving up details that hackers could otherwise use to nefarious advantage.

Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild,we would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.There are three other High-rated security holes and one that is Critical.

As to CVE-2021-4102, while fine-grain details are not available, Google does at least divulge that it is a “Use after free in V8” bug, which is Chrome’s JavaScript engine. It’s essentially a flaw within the browser’s user of dynamic memory, and generally speaking these exploits can lead to crashes, corrupted data, and arbitrary code execution.

Advertisements

To initial a manual update in Chrome, click the three vertical dots in the upper-right corner and navigate to Help > About Google Chrome. The latest version at the time of this writing is 96.0.4464.110.

%d bloggers like this: