Google has updated Chrome to deal with fresh attacks on its browser, with three vulnerabilities patched, the tech giant wrote in a blog on Thursday.
Two of the weaknesses were known to have been abused by hackers “in the wild.” One was rated “medium” in severity and was an information leakage vulnerability discovered by one of Google’s own researchers, Clément Lecigne. The other was given a “high” severity rating and was reported by an anonymous party. It was a so-called use-after-free flaw, which results from an app's failure to handle memory allocation properly. Per a description from Russian cybersecurity company Kaspersky: “If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.” Pointers do as their name suggests: they point programs to the locations in memory, otherwise known as “addresses,” where data is stored.
The one vulnerability that was not known to be under attack was still a concerning one. Another “use after free” issue, it was discovered by Weipeng Jiang, a cybersecurity researcher from the Codesafe Team of Legendsec at Qi’anxin Group in China. It was bad enough that Google rewarded the researcher with $20,000 in a bug bounty.
No more information was given about the nature of the flaws, but the release means that 12 known zero-day attacks have hit Chrome this year, following another two revealed earlier in September. That’s according to a spreadsheet set up by Google’s own security team, which currently details ten, but not the latest two.
The overall number for zero-day attacks in 2021 on widely used software, from Chrome to Android to Windows to iOS, has now gone up to a record 68, already almost double what 2020 saw. While that may sound concerning, as noted in a recent MIT Technology Review report, the reasons may not all be bad. While it could be that hackers are getting better at exploiting software, it could also be that researchers are getting better at catching them.
Users can avoid being hacked via the latest Chrome flaws by updating to the latest version for Windows, Mac and Linux, which will roll out in the coming weeks. To update to the latest version, go to settings by clicking on the top right corner of Chrome and hit the update button and the option to relaunch Chrome. If those options are not there, go to the help section, then click on “About Google Chrome.” That will tell you what version you’re running and if there’s an option to update to a more recent version. You can also turn on automatic updates, making life a little easier.