Security News > 2022 > February > Chrome Zero-Day Under Active Attack: Patch ASAP
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild.
To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.
Chrome users can fix it straight away by going into the Chrome menu > Help > About Google Chrome.
Given that the zero day is under active attack, updating Chrome should be done ASAP. Credit for the Animation zero day goes to Adam Weidemann and Clément Lecigne, both from Google's Threat Analysis Group.
Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API. This is Chrome's first zero day of the year, and more are sure to follow.
CVE-2021-21224 - April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
News URL
https://threatpost.com/google-chrome-zero-day-under-attack/178428/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |