Last year was a year of Covid-19 outbreak, causing many organizations to overnight transition to a remote working environment, cyber attackers are lurking in the wild, seeking to deliver vulnerabilities such as Zero-Day into the system. Google was no different, it’s reported that it took a month for users to successfully install a new patch due to an increase of Zero-Day attacks. Director of Melon Security, Vinay Pidathala, said 10 Zero-Days are actively exploiting in different browsers in 2020, 4 of them were directed at Chrome.
A few days ago, Google has released patches into 5 different vulnerabilities, including Zero-Day vulnerability exploited in the wild. Google reported the vulnerabilities that are affecting Windows, macOS, and Linux version of Chrome browser, the exploit that was discovered is CVE-2021-21193 existing in the wild. Security researchers are conjecturing that the remote attacks can exploit the Zero-Day vulnerabilities by deceiving users into a well-designed website, delivering arbitrary code, or causing a Denial-of-Service (DoS) attack on the vulnerable system.
Other than Zero-Day, there’re 4 other flaws discovered, an update that patches the remaining vulnerabilities, Google has listed two high-severity bugs that were contributed by external researchers, CVE-2021-21191 and CVE-2021-21192. Google has not disclosed any information regarding the security loopholes discovered until a new update version is available for users to download. As for now, users are advised to update the browser to the latest version (89.0.4389.90).