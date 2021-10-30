



2.6 billion Chrome users need to pay attention again (fourth this month). Google has identified several new high-level hacks in the browser, which are imminent threats.

Google has identified several new Chrome security vulnerabilities, including a new zero-day hack

Details from Forbes Google critics explain why Chrome is quitting By Gordon Kelly

Last week, after five critical vulnerabilities were identified, Google published a new blog post revealing that seven more highly rated vulnerabilities were discovered in Chrome. This includes Chrome’s 14th and 15th zero-day hacks this year, affecting all Linux, macOS, and Windows users. Zero-day hacking is an exploit that reached hackers before Google issued a fix, putting all Chrome users at imminent risk.

Here are all you need to know and the actions you need to take now.

New vulnerabilities in Chromes

Google is in compliance with policy and limits information about new hacks for Chrome users to buy time to upgrade, but the company is on record: Google CVE-2021-38000 and CVE-2021- 38003 exploits are wild. Here is a complete list of new Chrome vulnerabilities:

High-CVE-2021-37997: Free to sign in. MoyunSecV Lab’s Wei Yuan reports to 2021-10-14 High-CVE-2021-37998: Free use in garbage collection. OPPO Mobile Telecommunications Corp. Ltd. Cassidy Kim of Amber Security Lab reports to 2021-10-13 High-CVE-2021-37999: Insufficient data validation on new tab page. 2021-09-21 High Report by Ashish Arun Dhone-CVE-2021-38000: Insufficient validation of untrusted inputs in intents. Google Threat Analysis Group Clement Lecigne, Neel Mehta, Maddie Stone Report High 2021-09-15-CVE-2021-38001: Type Confusion in V8. Reported by Kunlun Lab via 2021-10-16 High Tianfu Cup-CVE-2021-38002: Use for free with WebTransport. Reported by @ __ R0ng of 360 AlphaLab via Tianfu Cup on 2021-10-16 High-CVE-2021-38003: Improper implementation in V8. Reported by Clment Lecigne of Google TAG and Samuel Gro of Google Project Zero on 2021-10-26

Yes, no details, but the hacking pattern is familiar with the Use-After-Free (UAF) exploits, which make up the majority of successful attacks. UAF exploits hit Chrome more than 10 times last month, causing zero-day hacks in October as well. A UAF vulnerability is a memory exploit when a pointer to memory cannot be cleared after a program has been released.

V8 exploits are as common as heap buffer overflow flaws. V8 is an open source JavaScript engine used by both Google Chrome and Chromium-based web browsers such as Microsoft Edge, Opera, Amazon Silk, Brave, Yandex, and Vivaldi.

What to do

Google has released version 95.0.4638.69, an important Chrome update to combat these attacks. Please note, Google states that this update will be staggered and will be rolled out over the next few days / weeks. This means that you may not be able to protect yourself immediately.

To check if it is protected[設定]>[ヘルプ]>[GoogleChromeについて]Go to. If your Chrome browser matches 95.0.4638.69 or higher, it’s safe. If updates are not yet available in your browser, check back for new versions on a regular basis.

Also, don’t forget that there is one important last step after the update. That is to restart your browser. Even if you update, Chrome will not be protected until you restart. It’s Google’s credit to release high-level attack fixes, usually within days of discovery, but the effect still relies on billions of users restarting their browsers.

Chrome users will need to restart their browser after the update to protect

Google / Gordon Kelly

In addition, attacks on Chrome are on the rise. In July, Google revealed that there were already more zero-day browser exploits than in 2020 as a whole. This means it’s important to keep Chrome up to date. Check it out now.

