7 highly critical vulnerabilities in Google Chrome affect 2 billion users. Update quickly

In a security alert, Google announced the identification of at least seven critical security flaws in Chrome that affect users of operating systems such as Windows, macOS and Linux. At the moment no technical details about these vulnerabilities are known; withholding them is what the cybersecurity community recommends in these cases to mitigate the risk of exploitation.

According to the report, these are the flaws found by Google’s security teams:

  • CVE-2021-30598: Type Confusion in V8
  • CVE-2021-30599: Type Confusion in V8
  • CVE-2021-30600: Use after free in Printing
  • CVE-2021-30601: Use after free in Extensions API
  • CVE-2021-30602: Use after free in WebRTC
  • CVE-2021-30603: Race in WebAudio
  • CVE-2021-30604: Use after free in ANGLE

Chrome is still the most popular web browser in the world, so up to 8 billion users could be exposed to the exploitation of these flaws. The reports were attributed to several security firms and analysts, including Google Project Zero, Cisco Talos, 360 Alpha Lab and researcher Manfred Paul.

As some users will remember, V8 is the open source JavaScript engine for Chrome, essential for the proper functioning of the web browser. Moreover, WebRTC is a data transfer technology and ANGLE is the abstraction layer of Google’s open source cross-platform graphics engine.

It is worth mentioning that these implementations are a frequent target of threat actors, who often exploit them to execute arbitrary code and take control of the affected systems. Proof of this behavior is the exploitation of the last zero-day vulnerability detected in Google, which resided in V8.

The risk of exploitation is real, although there are ways to stay alert to any attack. To get started, verify that your Chrome installation is up to date: open the browser and go to Settings – Help – About Google Chrome. If you’re using a Windows, Linux or macOS system running Chrome v92.0.4515.159, your computer is completely safe from these flaws.

If you are running any other version, check whether your system has pending updates and, if so, install them as soon as possible.
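
For administrators who need to run the version check above across many machines, the following is an added example (not part of the original article) that classifies reported Chrome version strings against the build named here. The hostnames and inventory lines are constructed sample data, and it assumes that builds later than 92.0.4515.159 also include the fixes.

```python
import re

# Fixed build named in the article; later builds are assumed to carry the same fixes.
FIXED = (92, 0, 4515, 159)

# Chrome versions have four dot-separated numeric fields.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Classify one inventory line as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare field by field as numbers, so 4515.99 < 4515.159,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"


# Constructed inventory: hostname -> version string as reported by the endpoint.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 92.0.4515.159",
    "ws-002": "Google Chrome 92.0.4515.131",
    "ws-003": "Google Chrome 92.0.4515.99 ",
    "mac-07": "Version 91.0.4472.164 (Official Build) (x86_64)",
    "lnx-12": "Google Chrome 93.0.4577.63 beta",
    "ws-004": "not installed",
}


def audit(inventory):
    """Group hostnames by classification."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, line in sorted(inventory.items()):
        report[classify(line)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:<10} {', '.join(hosts) or '-'}")
```

Hosts that land in the "unknown" group should be checked by hand rather than assumed patched.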
