Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that has been exploited in the wild.
The most severe of these flaws, tracked as CVE-2021-30544, is a critical use-after-free issue that impacts BFCache.
A back/forward cache (bfcache) caches whole pages (including the JavaScript heap) when navigating away from a page, so that the full state of the page can be restored when the user navigates back. Think of it as pausing a page when you leave it and playing it when you return.
Google awarded $25,000 researchers Rong Jian and Guang Gong from 360 Alpha Lab for reporting this vulnerability.
Google released updates to fix six high-severity use-after-free flaws in Extensions, Autofill, Loader, Spell check, Accessibility, and V8, and a high-severity out-of-bounds write vulnerability in ANGLE.
One of these flaws, a zero-day Type Confusion issue in the V8 Javascript engine, tracked as CVE-2021-30551, is already being exploited in attacks in the wild.
“Google is aware that an exploit for CVE-2021-30551 exists in the wild.” reads the post published by Google.
Shane Huntley, director of Google’s Threat Analysis Group, revealed that a “commercial exploit company providing capability for limited nation-state Eastern Europe/Middle East targeting” has developed an exploit for the CVE-2021-30551.
It seems that the same commercial exploit company has also developed an exploit for a critical RCE, tracked as CVE-2021-33742, in the Windows MSHTML platform.
Since the beginning of 2021, Google addressed other zero-day vulnerabilities in Chrome:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Google Chrome)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.