Google has issued a warning regarding a serious vulnerability in its Chrome browser (affecting Windows, Mac, and Linux) that could allow a malicious actor to take full control of a machine. Google urges users to update their browsers immediately. It is currently estimated that about 2 billion Chrome browser installs are vulnerable.
At this point, Google has not released many details about the exploit, in an attempt to limit attention and reduce the number of attempts to abuse the vulnerability. What is known is that the vulnerability can be leveraged to gain complete control over an affected machine.
High — CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul
High — CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul
High — CVE-2021-30600: Use after free in Printing. Reported by 360 Alpha Lab
High — CVE-2021-30601: Use after free in Extensions API. Reported by 360 Alpha Lab
High — CVE-2021-30602: Use after free in WebRTC. Reported by Cisco Talos
High — CVE-2021-30603: Race in WebAudio. Reported by Google Project Zero
High — CVE-2021-30604: Use after free in ANGLE. Reported by SecunologyLab
INDICATORS OF COMPROMISE
Chrome versions earlier than 92.0.4515.159 are vulnerable. You can check your Chrome version by navigating to Settings > Help > About Google Chrome.
Manually update Google Chrome browser.
- On your computer, open Chrome.
- At the top right, look at More.
- If an update is pending, the icon will be colored:
  - Green: An update was released less than 2 days ago.
  - Orange: An update was released about 4 days ago.
  - Red: An update was released at least a week ago.
To update Google Chrome:
- On your computer, open Chrome.
- At the top right, click More.
- Click Update Google Chrome.
- Important: If you can't find this button, you're on the latest version.
- Click Relaunch.
- Stephen Jones, Senior Director Cybersecurity
- Maximo Bredfeldt, vCISO
- Susan Verdin, Cybersecurity Analyst