A software vulnerability can lead to drastically different scenarios e.g depending on the scope of how it will be exploited by malicious actors. On multiple occasions, security flaws have cropped up which allow a cybercriminal to remote control a system by taking advantage of security gaps. Recently, in particular, a slew of these remote code execution vulnerabilities have been noted by security researchers. These flaws can also be discovered within any app, service, or software product and are in most cases patched (updated) without affecting too many users. However, sometimes simply patching an exploited vulnerability is impossible at the heavy end of the spectrum. To that end, simple vulnerabilities can lead to security flaws like zero-days that can translate to a global threat. This time, the latest release reports indicate yet another issue with the Google Chrome browser. Google’s widely-used Chrome browser has been particularly in the spotlight because of a steady flow of security vulnerabilities. These specific vulnerabilities have been reported via Google Chrome Releases on August 2nd, 2021.
Seven Vulnerabilities Discovered in Google Chrome
On August 2nd, 2021 it has been reported officially by the ‘Chrome team’ (posted by security researcher Srinivas Sista) on the Google Blog that seven vulnerabilities were discovered in Google’s Chrome Browser. In this instance, all of the vulnerabilities affect the same software versions of Google Chrome and are categorized ranging from medium to high risk as per the CVE (Common Vulnerabilities and Exposures) system. There are a total of 5 high-risk vulnerabilities, and 2 medium-risk vulnerabilities within Google Chrome’s functions.
Description of The Vulnerabilities
A description of the seven vulnerabilities is as follows separated into high and medium risk categories;
High-Risk
Medium-Risk
Technical Details Surrounding The Vulnerability
The Google Chrome vulnerabilities are classified as follows, along with their respective CVE ID codes;
CVE-2021-30590 -High CVE-2021-30591 -High CVE-2021-30592 -High CVE-2021-30593 -High CVE-2021-30594 -High CVE-2021-30596 – Medium CVE-2021-30597 – Medium
The vulnerable software version numbers of Google Chrome are as follows;
The Conclusion
So far, Google has not officially released any information regarding any exploits resulting from these vulnerabilities. This means that no reported damage to users has resulted as of yet. Furthermore, a patch has since been developed and released that mitigates the above seven vulnerabilities. Users should update to the Chrome stable channel update 92.0.4515.131 as soon as possible for Windows, Mac, and Linux. The update, according to Google, contains 10 security fixes.
