Latest Chrome Update Takes Care of Vulnerabilities

Google just pushed out a late April update to its Chrome browser. The new version number is 90.0.4430.85. The update fixes several security issues, one of which is a zero-day vulnerability that security researchers have spotted in the wild.

The update's detailed notes were posted on Google's Chrome Releases blog. The post specifically mentions that Google is aware of exploits in the wild for the zero-day issue, tracked as CVE-2021-21224.

The vulnerability in question is described as a "type confusion in V8". V8 is the Chrome browser component that handles JavaScript code. A "type confusion" issue means the V8 component mistakes one type of data for a different one, which can lead to potentially dangerous scenarios in some code execution setups.

A total of four other security issues were detailed. Those include CVE-2021-21222: Heap buffer overflow in V8; CVE-2021-21226: Use after free in navigation; CVE-2021-21225: Out of bounds memory access in V8; and CVE-2021-21223: Integer overflow in Mojo.

Two more of those vulnerabilities concern the V8 component of the browser, including a heap buffer overflow, a type of issue which can usually be abused by bad actors for a number of malicious purposes.

Two of those were reported by a Chinese Internet security company. The rest came from reports submitted by security researcher Brendon Tiszka.

You might want to force your Chrome browser to update because even though the update has been out for a few hours, our own Chrome browsers had not yet updated.

To force Chrome to download and apply its latest available stable updates, click the three-dot kebab menu button in the upper right corner of your Chrome interface. Next, hover over "Help" near the bottom of the menu and click "About Google Chrome". This should start the automated update checker, and Chrome should download and install today's patch, restarting in the process.
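For anyone checking more than one machine, the same "has it updated yet?" question can be answered from collected version strings. The following is an added example, not from Google or the original article: it compares each reported Chrome version against the patched build 90.0.4430.85 numerically, and the host names and sample readings are constructed for illustration.

```python
import re

# Patched build named in the article.
PATCHED = (90, 0, 4430, 85)

# Matches a four-part version inside strings such as "Google Chrome 90.0.4430.72".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def needs_update(version_output, patched=PATCHED):
    """True if older than patched, False if equal or newer, None if unparseable."""
    version = parse_version(version_output)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 100.x sorts after 90.x
    # (a plain string comparison would get that wrong).
    return version < patched


def triage(inventory):
    """Split {host: version string} into outdated, current and unknown hosts."""
    result = {"outdated": [], "current": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        status = needs_update(output)
        key = "unknown" if status is None else ("outdated" if status else "current")
        result[key].append(host)
    return result


# Constructed sample inventory: hypothetical hosts, made-up readings.
SAMPLE = {
    "ws-01": "Google Chrome 90.0.4430.85",
    "ws-02": "Google Chrome 90.0.4430.72",
    "ws-03": "Google Chrome 89.0.4389.128 ",
    "ws-04": "Google Chrome 100.0.4896.60",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" returned no readable version and should be checked by hand through the "About Google Chrome" page.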

April 21, 2021

