GOOGLE Chrome users have been urgently warned that hackers exploited a security flaw before they could fix it, making it “significantly more dangerous.”
In a new blog post, Goole confirmed that Chrome’s 11th “zero day” exploit of the year was found and impacts Linux, macOS and Windows users.
1
This classification means hackers were able to use the flaw to their advantage before the tech giant could fix it – upping the threat significantly, noted Forbes.
Google “is aware that an exploit for CVE-2021-37973 exists in the wild,” it said, but the company is reportedly keeping the hack details under wraps to protect users.
It was discovered in-house by Google employees.
Referencing the “high” danger, its post stated: “CVE-2021-37973 : Use after free in Portals.
“Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
“Google is aware that an exploit for CVE-2021-37973 exists in the wild.
Google advised users that bugs are often detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
The zero day is a “Use-After-Free” (UAF) vulnerability; this is when the program doesn’t clear the “pointer to the memory after it is freed,” Forbes noted.
In September, 10 of these were found in Chrome, which boasts 2.65billion users worldwide – but Google has issued an urgent fix.
They warned all users will get it at the same time but urged people to check they were protected.
You can do this by navigating: Settings, then Help, and on to About Google Chrome.
When the Chrome version is 94.0.4606.61-plus, it’s safe and if it isn’t readily available, keep monitoring it
We pay for your stories!
Do you have a story for The Central Recorder team?