Google Issues Warning For 2 Billion Chrome Users

Chrome has been under attack from all sides this year and now multiple new 
hacks have been discovered in Google's popular browser. 

Google confirmed the news in a new blog post, where it
revealed 20 new vulnerabilities have been found, 15 of which it classifies
as ‘High’ level threats. Linux, macOS and Windows users are all affected
and need to take immediate action. Google’s report brings the total number
of successful Chrome hacks to 45 in the last three weeks.

These hacks continue to follow a familiar pattern, with ‘Use-After-Free’ (UAF) exploits comprising the majority of attacks. Chrome was compromised approximately 30 times by UAF attacks from September to November, and another seven can already be added for December. UAF vulnerabilities are memory flaws that arise when a program fails to clear a pointer to memory after that memory is freed, leaving a dangling pointer that can still be used.

 

Heap buffer overflow flaws also remain a popular route of attack. This technique is also known as ‘Heap Smashing’. Memory on the heap is dynamically allocated and typically contains program data, so an overflow can overwrite critical data structures, which makes the heap an ideal target for hackers.

 

Sticking to protocol, Google is restricting information about these new threats in order to buy time for Chrome users to upgrade. Consequently, the only information we have about the 15 new High level threats is as follows: 

 

  • High – CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
  • High – CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
  • [$5000][1239760] High – CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13
  • High – CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
  • High – CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18
  • High – CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
  • High – CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
  • High – CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
  • High – CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18
  • High – CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
  • High – CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
  • High – CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23
  • High – CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25
  • High – CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2021-11-29
  • High – CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29

 


The good news? No zero-day hacks have been reported. Chrome has already suffered 15 zero-day hacks in 2021 but the last was confirmed in October. That’s impressive. 

What You Need To Do

In response to these new threats, Google has released a new version of Chrome: 96.0.4664.93. Google warns users that this “will roll out over the coming days/weeks” so it is important to note that you may not be able to protect yourself immediately. 

To check if you are protected, navigate to Settings > Help > About Google Chrome. If your Chrome browser version is listed as 96.0.4664.93 or higher, you are safe. If the update is not yet available for your browser, it is important that you check regularly for the new version. 

And remember the critical final step: after updating, you must restart your browser to be protected. This step is easily overlooked. It is to Google’s credit that it consistently fixes high level attacks within days of their discovery, but the fixes only become effective once its billions of users restart their browsers.
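The version check and the restart step described above can be automated across many machines. The following is an added example, not code from Google or from the original article: it compares version strings numerically against 96.0.4664.93 and flags machines where the patched build is installed but an older process is still running. The host names and the inventory values are constructed sample data, and how the installed and running version strings are collected is left to whatever inventory tool is in use.

```python
import re

FIXED_VERSION = "96.0.4664.93"  # patched release named in the article
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(installed, running, fixed=FIXED_VERSION):
    """Classify one machine from its installed and running version strings."""
    fixed_v = parse_version(fixed)
    installed_v, running_v = parse_version(installed), parse_version(running)
    if installed_v is None:
        return "unknown"
    # Tuples of ints compare field by field, so 4664.110 ranks above 4664.93;
    # a plain string comparison would get that wrong.
    if installed_v < fixed_v:
        return "update-needed"
    # The binary on disk is patched, but an older process may still be running.
    if running_v is not None and running_v < fixed_v:
        return "restart-needed"
    return "patched"


# Constructed sample inventory: host -> (installed, running). Hypothetical data.
SAMPLE = {
    "ws-01": ("Google Chrome 96.0.4664.93", "Google Chrome 96.0.4664.93"),
    "ws-02": ("Google Chrome 96.0.4664.110", "Google Chrome 96.0.4664.45"),
    "ws-03": ("Google Chrome 96.0.4664.45", "Google Chrome 96.0.4664.45"),
    "ws-04": ("Google Chrome 100.0.4896.60", None),  # browser not running
    "ws-05": ("", ""),  # no version could be read
}


def audit(inventory):
    """Map every host in the inventory to its patch status."""
    return {host: classify(*versions) for host, versions in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```
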

If you need any further motivation to update, Google confirmed in July that more successful browser hacks had taken place by mid-2021 than in the whole of 2020. So make sure the very next thing you do is check your browser version. Do it now.

 

Source: https://www.forbes.com/sites/gordonkelly/2021/12/08/google-chrome-warning-new-hacks-security-attacks-upgrade-chrome-now/?sh=63c211cd4e60
