Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.
The latest confirmation of this appears today with a new Chrome point-update to patch a pair of security vulnerabilities affecting Windows, macOS and Linux users. Google said it was aware of reports that both of these vulnerabilities, CVE-2021-21206 and CVE-2021-21220, are being exploited in the wild.
As has become normal, Google did not provide any other details on the attacks or provide any IOCs to help organizations find signs of infection.
The company confirmed that one of the bugs — described as “insufficient validation of untrusted input in V8 for x86_64” — was part of an exploit chain demonstrated at last week’s Pwn2Own marketing contest.
The second under-attack bug is currently documented simply as a use-after-free memory corruption vulnerability in Blink, the rendering engine used in Chrome. Google said the bug was reported anonymously.
So far in 2021, Google has rushed out fixes for at least three separate in-the-wild zero-day attacks.

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
