Google Chrome has over two billion users globally and is the market leader in web browsers. However, this makes it a tempting target for hackers, and Google has now issued its fourth urgent update warning in two months.
Google stated in an official blog post that seven ‘High’ grade security risks have been identified in Chrome, with the vulnerabilities affecting Chrome users on all major operating systems, including Windows, macOS, and Linux.
Google is presently not disclosing much information about the vulnerabilities. This is a common procedure as the firm strives to limit information in order to prevent hackers from exploiting these vulnerabilities and to give consumers time to defend themselves. As a result, Chrome users have only one option for now:
- High — CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul
- High — CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul
- High — CVE-2021-30600: Use after free in Printing. Reported by 360 Alpha Lab
- High — CVE-2021-30601: Use after free in Extensions API. Reported by 360 Alpha Lab
- High — CVE-2021-30602: Use after free in WebRTC. Reported by Cisco Talos
- High — CVE-2021-30603: Race in WebAudio. Reported by Google Project Zero
- High — CVE-2021-30604: Use after free in ANGLE. Reported by SecunologyLab
What I can tell you is that “Type Confusion in V8” refers to the open-source JavaScript engine that powers Chrome. “WebRTC” (Internet Real-Time Communication) is a technology that allows audio and video streaming data to be sent between browsers and mobile applications. Google’s open-source, cross-platform platform transfers “ANGLE” (Almost Native Graphics Layer Engine). Extensions and printouts are self-explanatory.
Historically, hackers have exploited all of these to run code in order to gain control of a target device. Chrome’s most recent zero-day attack (in which hackers exploit a vulnerability before Google can update it) was a V8 bug.
How to defend against these new risks
All Chrome users should go to Settings> Help> About Google Chrome. You are secure if your browser version on Linux, macOS, or Windows is 92.0.4515.159 or later. If this is not the case, the About screen should ask you to refresh and restart your browser. You should do this right now.
It is Google’s pride that high-level attack solutions are often delivered within days of being discovered, but their efficacy is still dependent on billions of people upgrading and restarting their browsers.
Chrome is a fantastic browser, but the number of attacks is increasing, with eight zero-day Chrome hacks just this year. Chrome must now be kept up to date at all times. Check it out right now.
