Chrome Zero-Day Exploit Has Fix With Latest Update. On April 20, 2021, Google releases Chrome 90.0.4430.85, designed to address zero-day exploit hackers are currently taking advantage of, tracked as CVE-2021-21224. The patch also patches four other high severity security flaws that had previously been plaguing the most popular browser on the web. By the time you read these words, the latest version will be available for Windows, Mac, and Linux users.
The other issues Google Chrome Zero-Day patch addresses tracks are as follows:
- CVE-2021-21222 (a heap buffer overflow in V8)
- CVE-2021-21223 (an integer overflow in Mojo)
- CVE-2021-21225 (an out of bounds memory access issue in V8)
Addressing a quartet of serious to critical severity flaws, Google’s update is one you don’t want to miss.
If there’s a silver lining, it lies in the fact that by itself, the remote code execution allowed by this particular zero-day exploit doesn’t allow a hacker to escape from Chrome’s sandbox. That’s not much of a silver lining, however. The company explains in a blog post about the matter, and as demonstrated via a recently releases proof of concept, it can easily chain with another exploit to escape the sandbox.
Google and several other giant tech firms have been scrambling this year. They’ve been addressing zero-day, and high severity security flaws left and right, trying gamely to stay one step ahead of the hackers, or at least not fall too far behind them.
Kudos to Google for taking fast action here. Be sure to update to the latest version as soon as feasible. If the current pace of patching holds, this will be a hectic year for everyone. Buckle up; it appears that 2021 is going to be a wild ride indeed.
