Chrome four high-level vulnerabilities

Google alerts users of four high-level vulnerabilities, urges them to update Chrome now


Google is alerting its more than two billion users after a recent hack. The tech company has confirmed four new high-level vulnerabilities in the browser that cybercriminals can again easily exploit.

The company is, once again, advising its users to update Chrome to its latest version, for the second time this week.


The update brings critical patches for multiple vulnerabilities in Chrome. The latest security flaws also come just days after the reported 12th and 13th Chrome ‘zero-day’ exploits of 2021.


Multiple ‘high-level vulnerabilities’ discovered in Chrome browser

In a blog post, Google confirmed that a new set of high-level vulnerabilities has been discovered and that users need to update to patch these security flaws.

Google’s Threat Analysis Group (TAG) said that hackers “created malformed code signatures.” Windows nonetheless considered the hackers’ code signatures to be valid.

Unfortunately, these signatures are not detected by the OpenSSL code used in security scanners.


Additionally, TAG discovered that the OpenSUpdater line of software uses this new technique as well. OpenSUpdater is classified as “riskware” that shows ads in victims’ browsers and then installs unwanted and even malicious programs on their laptops and PCs.

US-based users who download games are the most targeted victims of the OpenSUpdater attacks.

Google is working very hard to ensure its users’ security. However, given the rapid succession of attacks and hacks, some experts say that maybe it is time to leave Chrome behind and switch browsers.


Furthermore, Google is keeping mum on details of the security vulnerabilities. The tech company has restricted information about the issues as part of standard security practice. This also gives users time to download the latest security patch.

However, Forbes was able to collect information about the four high-level vulnerabilities:

  • High – CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24
  • High – CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
  • High – CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-09-07
  • High – CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30

Update Chrome browser ASAP

Not much information has been released about the vulnerabilities. Nevertheless, it is interesting to consider why Chrome continues to be a prime target of these exploits, perhaps because of its billions of active users.

Following this, Google has released a critical update and is urging its users to download it ASAP.

But in true Google fashion, the rollout will be staggered, so not everyone will get the update at the same time.

You can check manually whether the update is already available to you: just go to Settings > Help > About Google Chrome. If your Chrome version is 94.0.4606.81 or higher, then you are good to go.

If the update is not yet available to you, be cautious about the websites you visit and the things you download. Also, make sure to check regularly for the new Chrome version.
