Hot on the heels of Microsoft and Adobe releasing several updates, Google is now trotting out some of its own. The update patches numerous issues in the Chrome browser, and one of the vulnerabilities has already been exploited by hackers.
But it seems that something in that update went a bit haywire, creating a few unintended consequences. Given the flaw’s severity, Microsoft and Google worked together to roll out the patch less than seven days after discovery.
Here’s the backstory
The update brings Google’s Chrome up to version 91.0.4472.101 and fixes 14 security flaws, including at least one zero-day. Unfortunately, a zero-day means that hackers had already figured out a way to exploit the flaw before a patch was available.
As reported by Clement Lecigne of Google’s Threat Analysis Group and Sergei Glazunov of Google Project Zero, the threat has been designated as CVE-2021-30551. The technical description for it is a “Type Confusion in V8,” but Shane Huntley from Google explained it in simpler terms.
“More details on CVE-2021-33742 will come from the team, but for context this seems to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting,” he posted on Twitter. He added that CVE-2021-30551 is used by the same cybercriminals.
What you can do about it
To patch the vulnerabilities in your Chrome browser, you must update it to the latest version. You can do this by going into settings.
Tap the menu in the upper right corner (three dots), hover your cursor over Help, and select About Google Chrome. You will see which build you currently have, and you’ll have the option to update by clicking Update Google Chrome. If the option isn’t there, then you’re using the latest version.
“I’m happy we are getting better at detecting these exploits. And the great partnerships we have to get the vulnerabilities patched. But I remain concerned about how many are being discovered on an ongoing basis and the role of commercial providers,” concluded Huntley, who is a member of Google’s Threat Analysis Group.