Date: 2021-12-09



Chrome has been attacked from all sides this year, and several new hacks have now been discovered in Google’s popular browser.

Google has confirmed the success of 20 new Chrome hacks, 15 of which are high-level threats

Google confirmed the news in a new blog post, revealing that 20 new vulnerabilities were discovered, 15 of which were classified as high-level threats. Linux, macOS, and Windows users are all affected and need to take immediate action. According to a Google report, the total number of successful Chrome hacks in the last three weeks is 45.

Following its standard practice, Google is limiting information about these new threats to buy time for Chrome users to upgrade. Therefore, the only information we have about the 15 new high-level threats is:

High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSecV Lab on 2021-11-07

High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08

[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13

High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03

High CVE-2021-4056: Type confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18

High CVE-2021-4057: Use after free in File API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21

High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraluddin Khan and Omair on 2021-11-06

High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17

High CVE-2021-4061: Type confusion in V8. Reported by Paolo Severini on 2021-11-18

High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22

High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23

High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23

High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25

High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2021-11-29

High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29

These hacks continue the familiar pattern of Use-After-Free (UAF) exploits, which make up the majority of attacks. Chrome was compromised about 30 times by UAF attacks from September to November, and now seven more could be added in December. A UAF vulnerability is a memory flaw that occurs when a program fails to clear a pointer to memory after that memory has been freed.

Heap buffer overflow flaws, also known as heap smashing, are still a popular attack route. Memory on the heap is dynamically allocated and usually contains program data. Overflows can overwrite critical data structures, making them an ideal target for hackers.

Good news? No zero-day hacks have been reported. Chrome had already been hit by 15 zero-day hacks in 2021, but the last hack was confirmed in October. That is impressive.

What to do

In response to these new threats, Google has released a new version of Chrome, 96.0.4664.93. It’s important to note that Google warns users that this will be rolled out over the next few days or weeks, so it may not be possible to protect yourself immediately.

To check whether you are protected, go to Settings > Help > About Google Chrome. If your Chrome browser version is listed as 96.0.4664.93 or later, you are safe. If the update is not yet available in your browser, it is important to check for new versions on a regular basis.

And remember the last important step: after the update, you need to restart your browser to be protected. This step is often overlooked. Google acknowledges that it has consistently fixed high-level attacks within days of their discovery, but a fix only takes effect once billions of users restart their browsers.
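For anyone checking more than one machine, the version test described above can be scripted. The following is an added example, not code from the article or from Google: it compares reported version strings against 96.0.4664.93 component by component, because a plain string comparison would wrongly rank a later build such as 96.0.4664.110 below the fix. The hostnames and inventory values are constructed.

```python
import re

FIXED = (96, 0, 4664, 93)  # patched release named in the article

# Chrome versions have four dotted numeric components.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 96.0.4664.93'.

    Returns a tuple of ints, or None when no version is present.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True only if a version was found and it is at or above the fixed build."""
    version = parse_version(text)
    return version is not None and version >= fixed


def audit(inventory):
    """Return the sorted hosts that are below the fix or report no readable version."""
    return sorted(host for host, text in inventory.items() if not is_patched(text))


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.93",
    "ws-02": "Google Chrome 96.0.4664.45",
    "ws-03": "Google Chrome 96.0.4664.110",  # newer than the fix despite sorting lower as text
    "ws-04": "Google Chrome 95.0.4638.69",
    "ws-05": "Chromium (version unknown)",    # unreadable, so flagged for manual review
    "ws-06": "Version 97.0.4692.20 (Official Build) beta (64-bit)",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: needs update or review ({SAMPLE[host]})")
```

A host that passes this check is still exposed until the browser has been restarted, which a version string from the installed binary alone does not show.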

For your safety, you need to restart Chrome after the update

Gordon Kelly

If more motivation to update is needed, Google confirmed in July that more browser hacks had succeeded by mid-2021 than in the whole of 2020. The next thing to do is to check your browser version. Do it now.

