Chrome under attack: How to Fix?
Chrome under attack for second time in a month. Photo: News Tunf
Google Chrome has been patched to fix a critical security issue as well as a couple of other networking bugs. This comes only around a week-and-a-half after Google Chrome needed to fix flaws in WebKit, its open source browser engine.
The Google security team found a critical flaw that made Chrome vulnerable to a buffer overflow when handling particular responses from HTTP servers. The issue could have allowed a specially crafted response from a server to crash the browser and allow an attacker to run code on a victim's computer, according to Itpro.
Google said more details of the flaw would be made available once the majority of users were up to date with the fix. With Chrome under attack for the second time this month, the steps to fix it are below.
How to fix it?
Chrome version 89.0.4389.90 for Windows, Mac and Linux fixes five security bugs, one of which (catalogued as CVE-2021-21193) has to do with unprotected memory in Chrome's Blink rendering engine. "Google," the official Chrome blog post dryly notes, "is aware of reports that an exploit for CVE-2021-21193 exists in the wild."
In other words, the bad guys knew about this Blink vulnerability and launched attacks before the good guys could get their boots on — the classic definition of a zero-day exploit. The flaw was reported to Google three days ago by a researcher who apparently wishes to remain anonymous.
Otherwise, click the three vertical dots at the top right of the Chrome browser window with your mouse cursor, scroll down to Help and click About Google Chrome in the fly-out window. A new browser tab will open; it will either tell you that "Google Chrome is up to date" or download the latest version and prompt you to relaunch the browser. Again, you want to be on version 89.0.4389.90.
On Linux, you'll probably have to wait for your distribution to put the Chrome update in the distribution's regular software update cycle.
Four other fixes
Two of the other four flaws in today's patches were reported by non-Google parties. One is a memory-handling flaw in WebRTC, the multimedia engine built into modern web browsers; its pseudonymous finder, "raven," will get a $500 bug bounty for their troubles.
The other is a heap buffer overflow — basically a memory overrun — in Chrome tab groups, which was found by Abdulrahman Alqabandi of the Microsoft Browser Vulnerability Research team.
Google discovered and fixed two other flaws on its own and isn't providing any details about those yet. On March 2, Google patched 47 Chrome security flaws, including an audio flaw that was already being exploited in the wild, Tomsguide noted.
About the latest version of Chrome: 89.0.4389.90
The problem is rated high, but not critical, in severity: the vulnerability by itself does not bypass all of the browser's protection layers and is not enough to execute code on the system outside the sandbox environment. A full-fledged attack requires the use of another vulnerability in the operating system, Altusintel reported.