Microsoft and Google release urgent browser security update for Risk Level 4 Drive-by exploit

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,983
If your browser is prompting you to restart now may be a good time to do so. Microsoft and Google have released an urgent fix for a browser vulnerability in their Chromium-based browsers which can be exploited simply by visiting a web page or clicking a link.

According to the BSI:

Several vulnerabilities in Google Chrome and Microsoft Chrome-based Edge have been disclosed. An attacker can exploit this with unknown effects. To exploit it, it is sufficient to call up a maliciously designed website or to click a link to such a page.
The vulnerabilities have been judged as Risk level 4, meaning they are high impact and easy to exploit.

Microsoft has updated their Edge browser to version 92.0.902.78 and list 6 vulnerabilities fixed by the update:

CVE-2021-30604,CVE-2021-30603, CVE-2021-30602,CVE-2021-30601, CVE-2021-30599, CVE-2021-30598

Unfortunately, more details regarding the exploits are not available yet.

The Chrome browser is affected by the same issues – simply restarting your browser should be sufficient to install the updates.
All chromium-based browsers with their latest update based on Google Chrome version 92.0.4515.159 should be safe.
Waiting for an update from Opera
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,444
All chromium-based browsers with their latest update based on Google Chrome version 92.0.4515.159 should be safe.

Waiting for an update from Opera
Operas stable version is for sure at risk, but Beta and Developer runs Chrome version: 93.0.4577.18 & 94.0.4590.0.

 

CyberTech

Level 36
Verified
Nov 10, 2017
2,511
Google Chrome has more than 2 billion users worldwide. This does make the browser a significant target of hackers and other cybercriminals, and unfortunately, the security features aren’t always enough to keep users safe. Just this weekend, the tech giant issued its fourth urgent update in two months. I feel that now might be the time to start looking at safer browsers.

In their most recent official blog post, Google revealed seven high-rated security threats discovered in Chrome on all major operating systems, including Android, Windows, iOS, and Linux.

As is the norm for the tech giant, they aren’t releasing too much information about the threats. This attempts to stop the spread of information to cybercriminals and give users time to install the necessary security updates and protect themselves and their data.

Currently, this is all that users have to go on regarding these severe vulnerabilities:
  • High — CVE-2021-30598: Reported by Manfred Paul. Type Confusion in V8.
  • High — CVE-2021-30599: Reported by Manfred Paul. Type Confusion in V8.
  • High — CVE-2021-30600: Reported by 360 Alpha Lab. Use after free in Printing.
  • High — CVE-2021-30601: Reported by 360 Alpha Lab. Use after free in Extensions API.
  • High — CVE-2021-30602: Reported by Cisco Talos. Use after free in WebRTC.
  • High — CVE-2021-30603: Reported by Google Project Zero. Race in WebAudio.
  • High — CVE-2021-30604: Reported by SecunologyLab. Use after free in ANGLE.

The rest
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,983
Operas stable version is for sure at risk, but Beta and Developer runs Chrome version: 93.0.4577.18 & 94.0.4590.0.

Opera stable is now also up to date:
 
Top