As attacks on Chrome grow more severe, Google has now confirmed two more critical attacks.
In a new post, Google announced that this year’s 12th and 13th zero-day vulnerabilities (CVE-2021-37975 and CVE-2021-37976) have been found, affecting Linux, macOS and Windows users. Zero-day attacks are critical because the vulnerabilities are known to hackers before Google releases any fixes. This means that Chrome users are in danger.
Not many details about the attacks are known yet.
Consistent with the protocol, Google is currently restricting information on both attacks to give Chrome users time to upgrade. Along with another ‘High’ rated threat, the only details the company has released regarding the attacks are as follows:
- High — CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang of Codesafe Team of Legendsec at Qi’anxin Group on 2021-09-01
- High — CVE-2021-37975: Use after free in V8. Reported by Anonymous on 2021-09-24
- Medium — CVE-2021-37976: Information leak in kernel. Reported by Clément Lecigne of Google TAG with technical support from Sergei Glazunov and Mark Brand of Google Project Zero on 2021-09-21
In particular, the first zero-day is a ‘Use-After-Free’ (UAF) vulnerability, a class of bug that hackers have targeted repeatedly over the past few months. UAF vulnerabilities are memory bugs that occur when a program fails to clear a pointer to memory after that memory has been freed, so the stale pointer can still be used. In September and October, a double-digit number of UAF attacks were detected in Chrome.
Google took action against attacks
In response to the attacks, Google released a critical update; however, the company warned its users that the rollout will happen gradually, so not everyone will be able to protect themselves immediately. You can check whether you are protected by going to Settings > Help > About Google Chrome. If the version of Chrome you’re using is 94.0.4606.71 or higher, you don’t have to worry, you’re safe. However, if the update is not yet available for your browser, all you need to do is check regularly for a new version.
It is also worth remembering that Chrome is not safe until it has been restarted, even after the update has been installed. While Google is quick to fix Chrome vulnerabilities, hackers can target Chrome users who don’t realize they’re still vulnerable after the update is installed. That’s exactly why it is a good idea to go and check your browser.
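For administrators checking more than one machine, the version check and the restart caveat above can be combined, as in this added example (not Google's code). The host names and inventory values are constructed, and the installed and running versions are assumed to have been collected already, for instance from `google-chrome --version` output.

```python
import re

# Fixed build named in the article.
FIXED = "94.0.4606.71"

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints.

    Accepts a bare version or a line such as 'Google Chrome 94.0.4606.71'.
    Comparing tuples of ints avoids the string-comparison trap where
    '94.0.4606.100' sorts before '94.0.4606.71'.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(installed, running, fixed=FIXED):
    """Return 'vulnerable', 'restart-pending' or 'patched' for one host.

    installed: version of the binary on disk.
    running:   version of the live browser process, or None if Chrome is closed.
    """
    fixed_v = parse_version(fixed)
    if parse_version(installed) < fixed_v:
        return "vulnerable"
    # The update is on disk, but an old process keeps the old code in memory.
    if running is not None and parse_version(running) < fixed_v:
        return "restart-pending"
    return "patched"

def audit(inventory):
    """Map each host in {host: (installed, running)} to its status."""
    return {host: classify(inst, run) for host, (inst, run) in inventory.items()}

# Constructed sample inventory (hypothetical hosts and values).
SAMPLE = {
    "ws-01": ("Google Chrome 94.0.4606.61", "94.0.4606.61"),
    "ws-02": ("Google Chrome 94.0.4606.71", "94.0.4606.61"),
    "ws-03": ("Google Chrome 94.0.4606.100", "94.0.4606.100"),
    "ws-04": ("Google Chrome 94.0.4606.71", None),
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as restart-pending has the fix installed but is still running the old build until the browser is relaunched.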