Google Issues Warning For 2 Billion Chrome Users - 3rd urgent upgrade in a month

Discussion in 'Headline News' started by RickAgresta, Jul 18, 2021.

  1. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,307
    Likes Received:
    20,840
    Trophy Points:
    288
    Google Chrome continues to dominate the web browser market with more than two billion users worldwide. The flipside is it also dominates the attention of hackers causing Google to issue its third urgent upgrade warning in a month.

    In an official blog post, Google revealed that a new ‘zero-day’ exploit (CVE-2021-30563) has been discovered in Chrome and — like the previous attack — it follows an anonymous tip-off. Unlike the majority of security flaws, a zero-day classification means the exploit has been made public before the company could patch it. Writing on its blog, Google confirmed it “is aware of reports that an exploit for CVE-2021-30563 exists in the wild.”

    Little is known about the exploit other than Google’s categorization that it is a “Type Confusion in V8” — which is the open source JavaScript engine at the heart of Chrome. Such secrecy is standard for zero-day bugs as Google tries to minimize the spread of the hack before Chrome users have the chance to upgrade and protect themselves.

    To combat this new threat, all Chrome users should navigate to Settings > Help > About Google Chrome. If your browser version on Linux, macOS and Windows is listed as 91.0.4472.164 or above you are already safe. If not, manually check for updates then restart the browser once the update is ready. Google has also confirmed that six other ‘High’ level threats are patched in this version of Chrome as well as a single ‘Medium’ level vulnerability.

    CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. It is to Google’s credit that it typically releases fixes for zero-day attacks within a few days but their effectiveness is ultimately determined by the speed with which Chrome users update their browsers.

    Attacks on Chrome have been particularly prevalent in recent months, most notably from a group of hackers calling themselves PuzzleMaker. The group has been successful in chaining together Chrome zero-day bugs to install malware on Windows systems. Microsoft itself issued an urgent security warning for Windows users about this in June.

    As it stands, Chrome users would be wise to watch out for updates and ensure both your browser and operating system are kept up to date.

    Link: https://www.forbes.com/sites/gordon...ck-free-upgrade-chrome-users/?sh=57bc3da64f14

    OP note: work has already moved exclusively (mostly) to Edge; Chrome isn't even installed anymore.
     
    scjjtt, Hook, headcronie and 2 others like this.
  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,612
    Likes Received:
    6,834
    Trophy Points:
    113
    This has been one of the many issues that concern me. Apps as a service in the cloud, served via browsers that are huge targets for attacks, let alone the myriad of extensions that are out there that have poor oversight. You can build whitelists for approved extensions, only for that very extension you whitelisted to be sold to an unscrupulous miscreant and you wouldn't know any better. Lock down all extensions, and you reduce the effectiveness of the browser as a tool.

    Interesting that your work has removed Chrome already. Unless they've taken additional steps to block it, users can always install Chrome to their profile, thus circumventing any management of Chrome in a managed environment. It would have likely been better for them to keep Chrome installed in a managed state, and just lock it down to the point where nobody would want to use it.
     
    scjjtt, lelisa13p and Hook like this.
  3. EdmundDantes

    EdmundDantes Mobile Deity

    Messages:
    2,651
    Likes Received:
    3,002
    Trophy Points:
    288
    I've mentioned before that I'm really looking for a new browser. I don't like Chrome and only use it for very specific things. I REALLY, REALLY miss the old pre-Quantum Firefox. I understand when you have to do a major overhaul, but they lost a ton of the functionality I use; the big ones being History Submenus and Session Manager. Plus, I liked the old look better as well.
     
    scjjtt and RickAgresta like this.
Loading...

Share This Page