Google issues another security threat warning - fourth time in two months
Google Chrome has more than 2 billion users worldwide. This does make the browser a significant target of hackers and other cybercriminals, and unfortunately, the security features aren’t always enough to keep users safe. Just this weekend, the tech giant issued its fourth urgent update in two months. I feel that now might be the time to start looking at safer browsers.
In their most recent official blog post, Google revealed seven high-rated security threats discovered in Chrome on all major operating systems, including Android, Windows, iOS, and Linux.
As is the norm for the tech giant, they aren’t releasing too much information about the threats. This attempts to stop the spread of information to cybercriminals and give users time to install the necessary security updates and protect themselves and their data.
Currently, this is all that users have to go on regarding these severe vulnerabilities:
- High — CVE-2021-30598: Reported by Manfred Paul. Type Confusion in V8.
- High — CVE-2021-30599: Reported by Manfred Paul. Type Confusion in V8.
- High — CVE-2021-30600: Reported by 360 Alpha Lab. Use after free in Printing.
- High — CVE-2021-30601: Reported by 360 Alpha Lab. Use after free in Extensions API.
- High — CVE-2021-30602: Reported by Cisco Talos. Use after free in WebRTC.
- High — CVE-2021-30603: Reported by Google Project Zero. Race in WebAudio.
- High — CVE-2021-30604: Reported by SecunologyLab. Use after free in ANGLE.
If we look at previously recorded attacks, then these above threats can all be used by hackers to execute code and gain control of a target’s computer or device. Google’s last zero-day attack that happened in July, which was the eighth zero-day attack this year, where hackers could exploit vulnerabilities before Google had a chance to patch them, was a V8 flaw. As you can see from the above list, there are two V8 flaws listed once again.
Google Chrome urges all users to check that their browser versions are updated to the latest version that has been released with fixes for these vulnerabilities. To their credit, the fixes to the serious vulnerability are usually released one day after their discovery, which is good. However, how effective these updates rely on users installing them when they become available.
Chrome is one of the leading browsers available; however, I can’t ignore that this is the fourth major security vulnerability in two months and the eighth zero-day hack this year. The number of attacks is steadily growing, and it is more important than ever to ensure that your browser is kept up to date.
“Chrome is one of the leading browsers available”
Chrome is the ONLY leading browser available. All other browsers combined have the crumbs left.
seriously. given most of them are chrome clones. you would expect these to hit them too, no?
I wonder how bad are chrome clones at fetching security fixes from upstream. For some clone browsers it takes ages to release an update after chrome fixes vulnerabilities. Do they not apply to those clones or do clone developers just not care?
A comparison of how seriously different clones take security updates would make for an interesting article.
Of the three Chrome derivatives that I follow, Brave and Vivaldi have a reasonably good track record of updating in a timely fashion to patch the latest security threats; unfortunately, Slimjet is a laggard.
I know Brave Browser, even though built on Chromium, has already mitigated these flaws. I’d rather use Brave than Chrome..
is that before the flaws were disclosed? if so, did they let others know there were flaws?