0-day vulnerabilities are fixed in Chrome again

0-day vulnerabilities are fixed in Chrome again

Google has released a new version of Chrome for Windows, Mac and Linux with corrections for two recently discovered vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220.

The CVE-2021-21206 vulnerability was discovered in the V8 JavaScript engine and is related to the RCE exploit published earlier this week. Let me remind you that this bug was used to compromise Chrome and Edge at the recently concluded Pwn2Own competition by experts from the Dataflow Security team, who eventually received $ 100,000 for this vulnerability. The exploit was published a few days later by Indian researcher Rajvardhan Agarwal, who managed to find the bug by examining the patches in the V8 source code.

Google confirmed that the fix was specifically related to this issue, and also explained that the vulnerability occurred due to incorrect validation of untrusted input data in V8 for x86-64.

I wonder what Agarwal told the publication The Hacker News, that there is another vulnerability fixed in the latest V8, for which the patch was not included in the updated version of Chrome.

“While both problems are different in nature, both can be used to execute arbitrary code during rendering. I suspect that the first patch was included in the Chrome update due to the published [мной] exploit, but since the second patch was not included in this version of Chrome, [уязвимость] can still be used, ”says the specialist.

The second vulnerability fixed in the Google browser (CVE-2021-21220) is of the use-after-free type and was found in the Blink engine. It is known that an anonymous researcher notified the company about it on April 7.

__________________________________________________

ProApk on Telegramhttps://t.me/proapk_in

ProApk on Google Newshttps://news.google.com/publications/CAAqBwgKMP_S9AowhYDbAg

ProApk on Twitterhttps://twitter.com/xdapirates

ProApk on Facebookhttps://facebook.com/www.proapk.in

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts