Chrome Patches Five Bugs Including A Zero-Day Being Exploited in the Wild.

Author: Melodie Foster

Date: 17th May 2021

Google have reported that all the flaws affect the Windows, MacOS and Linux versions of the Chrome browser. Google also mentioned that it is aware of one of the flaws, which was a zero-day, is being exploited in the wild.

This zero-day flaw stems from a use-after-free bug in Blink which is a rendering engine used by Chromium. The vulnerability could be exploited by a remote attacker tricking a victim into visiting a specifically crafted website and then either executing arbitrary code or causing a Denial of Service attack on the vulnerable system. It has been given a CVSS score of 8.8 out of 10 meaning it is of high severity.

The other flaws include another high severity use-after free flaw which is in WebRTC. This gives web browsers communication abilities like voice and chat. Another one included a high severity buffer overflow error.

Further details on these vulnerabilities are not available yet as Google have said that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

Following a report from Menlo Security which states that most Chrome users take about a month to update Chrome, Google is urging customers to patch the vulnerabilities and upgrade to the latest version which is 89.0.4389.90 [1].

[1] https://www.scmagazine.com/home/security-news/vulnerabilities/google-fixes-five-chrome-bugs-including-one-zero-day-exploited-in-the-wild/

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

Chrome Patches Five Bugs Including A Zero-Day Being Exploited in the Wild.

Author: Melodie Foster

Date: 17th May 2021

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta