A New Zero-Day Bug affecting Google Chrome Browser is Exploited in the Wild.
Threat Level Description
Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.
We have observed that a new zero-day vulnerability affecting the Google Chrome Browser has been identified.
An unauthenticated remote attacker could exploit this issue and possibly steal confidential info and/or further compromise the system.
Furthermore, it has been identified that this flaw (CVE-2021-30563) is actively exploited in the wild.
Note that the vendor refrained from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse.
The CVE-2021-30563 flaw marks the ninth zero-day vulnerability affecting Google Chrome’s users since the start of the year.
Due to its nature, and according the impact of the previews zero-day vulnerabilities that affected Google Chrome, we can conclude that a remote attacker, by exploiting this vulnerability, could potentially perform heap corruption and/or execute arbitrary code inside a sandbox via a crafted HTML page.
A list of the previews identified zero-days of this year can be found below:
• CVE-2021-21148 – Heap buffer overflow in V8
• CVE-2021-21166 – Object recycle issue in audio
• CVE-2021-21193 – Use-after-free in Blink
• CVE-2021-21206 – Use-after-free in Blink
• CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64
• CVE-2021-21224 – Type confusion in V8
• CVE-2021-30551 – Type confusion in V8
• CVE-2021-30554 – Use-after-free in WebGL
You should immediately proceed and update to the latest version of Google Chrome by heading to Settings > Help > ‘About Google Chrome’.
Also, you should implement the latest patch, referring to the new zero-day vulnerability, provided by the vendor.
You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution and always have enabled an active event security logging and practice event monitoring. To protect the valuable assets of your business and be compliant with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.