Security News > 2022 > February > Chrome Zero-Day Under Active Attack: Patch ASAP
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild.
To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.
Chrome users can fix it straight away by going into the Chrome menu > Help > About Google Chrome.
Given that the zero day is under active attack, updating Chrome should be done ASAP. Credit for the Animation zero day goes to Adam Weidemann and Clément Lecigne, both from Google's Threat Analysis Group.
Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API. This is Chrome's first zero day of the year, and more are sure to follow.
CVE-2021-21224 - April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
News URL
https://threatpost.com/google-chrome-zero-day-under-attack/178428/
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |