Security News

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. PoC dropped on Twitter, zero-day fixed one week later.

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

Google makes it easy to share text with friends and colleagues with a new Chrome 90 feature that lets you create links to selected text on a web page. This new feature is rolling out now in Chrome 90 and is built on top of Google's "Scroll-To-Text using a URL fragment" feature that they introduced earlier this year and is only available in Chrome.

Google has released Chrome 90 today, April 14th, 2021, to the Stable desktop channel, and it includes security improvements, a new AV1 encoder, and the default protocol changed to HTTPS. Chrome 90 fixes 37 security bugs, including a zero-day used at the Pwn2Own competition and publicly released Monday on Twitter. Today, Google promoted Chrome 90 to the Stable channel, Chrome 91 as the new Beta version, and Chrome 92 will be the Canary version.

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it.

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine. One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates.

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. UPDATE: Agarwal, in an email to The Hacker News, confirmed that there's one more vulnerability affecting Chromium-based browsers that has been patched in the latest version of V8, but has not been included in the Chrome release rolling out today, thereby leaving users potentially vulnerable to attacks even after installing the new update.

A researcher has dropped working exploit code for a zero-day remote code execution vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Pwn2Own contest rules require that the Chrome security team receive details of the code so they could patch the vulnerability as soon as possible, which they did; the latest version of the Chrome V8 JavaScript engine patches the flaw, Agarwal said in a comment posted in response to his own tweet.

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.