Microsoft and Google release urgent browser security update for Risk Level 4 Drive-by exploit

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
If your browser is prompting you to restart now may be a good time to do so. Microsoft and Google have released an urgent fix for a browser vulnerability in their Chromium-based browsers which can be exploited simply by visiting a web page or clicking a link.

According to the BSI:

Several vulnerabilities in Google Chrome and Microsoft Chrome-based Edge have been disclosed. An attacker can exploit this with unknown effects. To exploit it, it is sufficient to call up a maliciously designed website or to click a link to such a page.
The vulnerabilities have been judged as Risk level 4, meaning they are high impact and easy to exploit.

Microsoft has updated their Edge browser to version 92.0.902.78 and list 6 vulnerabilities fixed by the update:

CVE-2021-30604,CVE-2021-30603, CVE-2021-30602,CVE-2021-30601, CVE-2021-30599, CVE-2021-30598

Unfortunately, more details regarding the exploits are not available yet.

The Chrome browser is affected by the same issues – simply restarting your browser should be sufficient to install the updates.
All chromium-based browsers with their latest update based on Google Chrome version 92.0.4515.159 should be safe.
Waiting for an update from Opera
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
All chromium-based browsers with their latest update based on Google Chrome version 92.0.4515.159 should be safe.

Waiting for an update from Opera
Operas stable version is for sure at risk, but Beta and Developer runs Chrome version: 93.0.4577.18 & 94.0.4590.0.

 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
The chrome-derived slim jet I'm using tends to be slow to keep up with updates and is still at 90.0.4430.93.
This browser is my favorite, but I feel that it is considerably inferior to Google and Edge in responding to security updates.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Google Chrome has more than 2 billion users worldwide. This does make the browser a significant target of hackers and other cybercriminals, and unfortunately, the security features aren’t always enough to keep users safe. Just this weekend, the tech giant issued its fourth urgent update in two months. I feel that now might be the time to start looking at safer browsers.

In their most recent official blog post, Google revealed seven high-rated security threats discovered in Chrome on all major operating systems, including Android, Windows, iOS, and Linux.

As is the norm for the tech giant, they aren’t releasing too much information about the threats. This attempts to stop the spread of information to cybercriminals and give users time to install the necessary security updates and protect themselves and their data.

Currently, this is all that users have to go on regarding these severe vulnerabilities:
  • High — CVE-2021-30598: Reported by Manfred Paul. Type Confusion in V8.
  • High — CVE-2021-30599: Reported by Manfred Paul. Type Confusion in V8.
  • High — CVE-2021-30600: Reported by 360 Alpha Lab. Use after free in Printing.
  • High — CVE-2021-30601: Reported by 360 Alpha Lab. Use after free in Extensions API.
  • High — CVE-2021-30602: Reported by Cisco Talos. Use after free in WebRTC.
  • High — CVE-2021-30603: Reported by Google Project Zero. Race in WebAudio.
  • High — CVE-2021-30604: Reported by SecunologyLab. Use after free in ANGLE.

The rest
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Operas stable version is for sure at risk, but Beta and Developer runs Chrome version: 93.0.4577.18 & 94.0.4590.0.

Opera stable is now also up to date:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top