Lessons from the Google Chrome hack

4 min read | October 11, 2021 02:35 PM AEDT | By Samta

Highlights

  • Around 2.6 billion Google Chrome users are on high alert after the company confirmed multiple new high-level hacks.
  • The company has confirmed an exploit of CVE-2021-37973, exists in the wild.
  • Hackers have attacked the browser by double digits UAF attacks in September.

Google Chrome’s 2.6 billion users need to be on high alert as the company has confirmed multiple new high-level hacks.  On Sunday, the tech major has rolled out security update for the same urging the Chrome users to update their browsers to the latest version.

Representative Image Source: © Jirsak | Megapixl.com, image description – Google logo

There has been a critical security loophole, due to which it was found to be under active exploitation by the hackers prior to Google’s roll out of any fix.

RELATED READ - Google dominated Australian online advertising: ACCC

Google has confirmed four high level threats last weekend coming just days after Chrome’s 12th and 13th zero-day exploits of the year. These zero-day exploits impact macOS, Linux and the Windows users.

What is this new threat?

In its blog, Google has confirmed that an exploit of CVE-2021-37973, exists in the wild. Such kind of security flaws are more dangerous than the regular security loopholes.

The company published a new blog post revealing the confirmed threats that users need to take immediate action. Previously, it has warned the user against a zero-day exploit called CVE-2021-30563 and now another dangerous threat has appeared that the company was already aware of.

Google is currently restricting information about these hacks to purchase time for Chrome users to upgrade, consequently, given below are the current information:

  • High – CVE-2021-37977 – Use after free in Garbage Collection.
  • High – CVE-2021-37978 – Heap buffer overflow in Blink.
  • High – CVE-2021-37979 – heap buffer overflow in the WebRTC.
  • High – CVE-2021-37980- Inappropriate implementation in the sandbox.

While these descriptions don’t provide a lot of information, it is quite interesting to see continued attacks on Chrome with “Use-After-Free” (UAF) exploits. Hackers have attacked the browser by double digits UAF attacks in September and have already exploited a zero-day UAF flaw this month, ahead of the latest discovery.

Representative Image Source: © Jirsak | Megapixl.com, Image description – Cyber attack

Lessons to learn from the hack –

In the wake of Google’s warning last week, the company has provided some tips for the users that can be taken as lessons –

  • According to the manual, users can navigate to the settings > help > about Google Chrome and check the Google Chrome version.
  • Google versions of 94.0.4606.61 or more are considered safer. The users who don’t have this version, can wait or else can turn off their machine.
  • When the users have updated their browsers to the latest version, they need to perform the crucial final step that is to restart Chrome.

According to tech experts -

  1. Users are advised to use stable channel update which is provided by Google to vulnerable systems immediately after appropriate testing.
  2. Run all the software as a non-privileged user or one without administrative privileges to diminish the aftereffects of an attack.
  3. Do not visit any un-trusted website while surfing on the internet.
  4. Users must not follow links which are provided by untrusted or unknown sources.
  5. Users need to be very careful as there are some major possible threats attached to the hypertext links contained in the emails or attachments.
  6. One should apply the principle of least privilege to all the systems and services.
  7. The users should update their browsers to the latest version.
  8. It is very important for the Chrome users to follow the latest necessary guidelines to avoid such risks.
  9. Proper security fix should be ensured when its recommended.
  10. Users should keep checking for the update until it is available on their browser, and must follow the necessary security fix – install the update and restart Chrome.

Disclaimer

The content, including but not limited to any articles, news, quotes, information, data, text, reports, ratings, opinions, images, photos, graphics, graphs, charts, animations and video (Content) is a service of Kalkine Media Pty Ltd (Kalkine Media, we or us), ACN 629 651 672 and is available for personal and non-commercial use only. The principal purpose of the Content is to educate and inform. The Content does not contain or imply any recommendation or opinion intended to influence your financial decisions and must not be relied upon by you as such. Some of the Content on this website may be sponsored/non-sponsored, as applicable, but is NOT a solicitation or recommendation to buy, sell or hold the stocks of the company(s) or engage in any investment activity under discussion. Kalkine Media is neither licensed nor qualified to provide investment advice through this platform. Users should make their own enquiries about any investments and Kalkine Media strongly suggests the users to seek advice from a financial adviser, stockbroker or other professional (including taxation and legal advice), as necessary. Kalkine Media hereby disclaims any and all the liabilities to any user for any direct, indirect, implied, punitive, special, incidental or other consequential damages arising from any use of the Content on this website, which is provided without warranties. The views expressed in the Content by the guests, if any, are their own and do not necessarily represent the views or opinions of Kalkine Media. Some of the images/music that may be used on this website are copyright to their respective owner(s). Kalkine Media does not claim ownership of any of the pictures displayed/music used on this website unless stated otherwise. The images/music that may be used on this website are taken from various sources on the internet, including paid subscriptions or are believed to be in public domain. We have used reasonable efforts to accredit the source wherever it was indicated as or found to be necessary.


AU_advertise

Advertise your brand on Kalkine Media

Sponsored Articles


Investing Ideas

Previous Next
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.