Chrome’s zero-day patch contains 14 important security fixes

by Vlad Turiceanu
Vlad Turiceanu
Vlad Turiceanu
Editor-in-Chief
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming... read more
Affiliate Disclosure
  • Google releases Chrome security advisory, which includes a zero-day patch to Chrome’s JavaScript engine.
  • CVE-2021-30551 gets a high rating, with only one bug that isn’t in the wild, exploited by malicious third parties.
  • According to Google, Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
  • The CVE-2021-30551 bug is listed by Google as type confusion in V8, meaning that JavaScript security can be bypassed for running unauthorized code.
Chrome zero day

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Users are still dwelling on the previous Microsoft Patch Tuesday announcement, which was pretty bad in their opinion, with six in-the-wild vulnerabilities patched.

Not to mention the one buried deep within the vestiges of Internet Explorer’s MSHTML web rendering code.

14 security fixes in one single update

Now, Google releases Chrome security advisory, which you might want to know includes a zero-day patch (CVE-2021-30551) to Chrome’s JavaScript engine, amongst its other 14 officially listed security fixes.

For those who are still not familiar with the term, Zero-day is an imaginative time, as this type of cyberattack happens in less than a day since the awareness of the security flaw.

Therefore, it doesn’t give the developers nearly enough time to eradicate or mitigate the potential risks associated with this vulnerability.

Similar to Mozilla, Google also clusters together other potential bugs it has found using generic bug-hunting methods, listed as Various fixes from internal audits, fuzzing, and other initiatives.

Fuzzers can produce if not millions, hundreds of millions of test inputs over the span of the proving run.

However, the only information they need to store is in the cases that cause the program to misbehave, or crash.

This means that they can be used later on in the process, as starting points for the human bug hunters, which will also conserve a lot of time and manpower.

Bugs are being exploited in the wild

Google starts by mentioning the zero-day bug, stating that they are] aware that an exploit for CVE-2021-30551 exists in the wild.

This particular bug is listed as type confusion in V8, where V8 represents the part of Chrome that runs JavaScript code.

Type confusion means that you can provide V8 with one data item, while tricking JavaScript into handling it as if it were something totally different, potentially bypassing security or even running unauthorized code.

As most of you might know, JavaScript security breaches that can be triggered by JavaScript code embedded in a web page, more than often result in RCE exploits, or even remote code execution.

With all this being said, Google isn’t clarifying whether the CVE-2021-30551 bug can be used for hardcore remote code execution, which usually means that users are vulnerable to cyber-attacks.

Just to get an idea of how serious this is, imagine surfing a website, without actually clicking on any popups, could allow malicious third parties to run code invisibly, and implant malware on your computer.

Thus, CVE-2021-30551 only gets a high rating, with merely a bug that isn’t in the wild (CVE-2021-30544), classified as critical.

It could be that the CVE-2021-30544 bug had the critical mention attributed to it because it could be exploited for RCE.

However, there’s no suggestion that anyone other than Google, as well as the researchers that reported it know how to do that, for the moment.

The company also mentions that access to bug details and links may be kept restricted until a majority of users are updated with a fix

What is your take on the latest zero day patch by Google? Share your thoughts with us in the comments section below.

idee restoro Still having issues? Fix them with this tool:
  1. Download this PC Repair Tool rated Great on TrustPilot.com (download starts on this page).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues with Patented Technologies (Exclusive Discount for our readers).

Restoro has been downloaded by 0 readers this month.