Thursday, 22 April 2021 06:47

Google patches yet another Chrome zero-day, tight-lipped about details Featured

0
Shares
By
Image by Clker-Free-Vector-Images from Pixabay

Search giant Google has been forced to patch yet another zero-day in its Chrome browser, the fourth this year, but the company has not provided any indicators of compromise ior other details n its advisory.

In an advisory dated 20 April (US time), the company merely said that the stable branch of Chrome had been updated for Windows, Mac and Linux. It said it was aware that exploits for this latest flaw were floating around the Internet.

The new release also fixes four other serious flaws in Chrome, the browser with the biggest market share globally.

Srinivas Sista of the Chrome project said in the advisory that "access to bug details and links may be kept restricted until a majority of users are updated with a fix".

"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed," he added.

Veteran security reporter Ryan Naraine noted: "This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC [indicators of compromise] data or any meaningful information about the attacks continue to raise eyebrows among security experts."

The only statement regarding the vulnerability under exploitation was that it was a type confusion bug in the V8 JavaScript engine used by the browser and was reported by Jose Martinez, a researcher from security firm VerSprite.

The community organisation Centre for Internet Security detailed the bugs made known on Tuesday as given under:

Several other browsers like Brave, Microsoft Edge and Vivaldi use the same engine; Google has an open-source version of Chrome known as Chromium and the code is taken from that project.

Two more Chrome zero-days were reported last week, with both being disclosed on Twitter.

One, by Indian researcher Rajvardhan Agarwal, was technically a one-day bug, something he acknowledged himself.

The other, dropped by a Chinese researcher known as frust, included a YouTube video of the way in which the vulnerability could be exploited.

The video showed how the vulnerability could be used to open applications on Windows desktops, with the example in question being the Notepad application.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Security
Tagged under
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Latest from Sam Varghese

Related items

More in this category: « Software auditing tool maker Codecov breached, upload script modified
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top