Google Chrome Update Needed to Avoid Nasty Security Flaw | Digital Trends



Google released an update to its Chrome browser for Windows and Mac users, and the internet giant strongly recommends that users apply the update as soon as possible. The update contains 14 security fixes — including a zero-day security flaw — that if left unchecked would leave the system vulnerable to attacks. Google categorized these fixes as critical, high, and medium importance.

Windows and Mac users who also surf the internet with the Chrome browser will want to make sure that they’re on version 91.0.4472.101. To make sure that you’re on the latest build of Chrome, launch your browser and then click on the three dots stacked vertically at the top right. Navigate to Settings, and then click About Chrome. From there, you’ll be able to view the Chrome version number, and you can update the browser if it wasn’t automatically updated in the background.

If you don’t immediately update your browser, Google should be pushing out the update to users in the coming days or weeks, the company stated on its blog.

One of the security vulnerabilities that was listed — CVE-2021-30551 — is related to a flaw in Windows 10 that Microsoft had recently patched with its newest OS update.

“Chrome in-the-wild vulnerability CVE-2021-30551 patched today was also from the same actor and targeting,” Google Director of Software Engineering Shane Huntley wrote in Twitter post, referencing that attackers who exploited that vulnerability also took advantage of the vulnerability from CVE-2021-33742. In its release note of the latest Chrome update, Google described the CVE-2021-30551 vulnerability as a “type confusion in V8,” which was reported by Clement Lecigne of Google’s Threat Analysis Group and Sergei Glazunov of Google Project Zero.

The vulnerability was initially discovered on June 4, Google stated, noting that the company “is aware that an exploit for CVE-2021-30551 exists in the wild.” Chrome relies on the JavaScript-based V8 rendering engine for its browser, and the rendering is also common for competing browsers based on the Chromium project, including Microsoft’s Edge.

Even if you’re not on Google Chrome, you’ll want to ensure that you’re running the latest release from the browser of your choice. Most browsers that use Chromium for rendering will also list the Chromium version number, and users should diligently check to see if a patch is available for their browser of choice. If you’re using Microsoft Edge, for example, you’ll want to launch your browser, and navigate to the About page. There, you’ll find the browser version number along with an option to update to the latest version if you’re not on the most current release. Similar procedures can be followed for Opera, Brave, and others that are based on Chromium.

According to Bleeping Computer, this is the sixth zero-day exploit for Chrome in 2021.

Editors’ Recommendations






Source link