Other high-severity Google Chrome vulnerabilities include a use-after-free (CVE-2021-4099) bug and heap buffer overflow (CVE-2021-4101) flaw in the Swiftshader software 3D renderer, as well as an object lifecycle issue (CVE-2021-4100) in ANGLE, an open-source, cross-platform graphics engine abstraction layer. According to Chromium, Mojo is a communication framework that facilitates the passing of messages across arbitrary inter- and intra-process boundaries. Other vulnerabilities addressed in the Chrome update include a critical-severity, insufficient data validation issue in Mojo (CVE-2021-4098). As is standard for Chrome security advisories, bug details are not being released until a “majority of users are updated with a fix.” Google was alerted to the flaw by an anonymous reporter on Dec. “Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild,” according to the security advisory. Previously, other zero-day vulnerabilities have been uncovered in the web engine, including CVE-2021-38003, an inappropriate implementation error, and CVE-2021-38001, a type-confusion bug. The vulnerability is a use-after-free flaw, which is a type of issue that occurs when an application continues to use a pointer after it has been freed, causing the program to crash and potentially allowing for arbitrary code to be executed. The zero-day vulnerability (CVE-2021-4102) exists in the open-source V8 Javascript engine, which was developed by the Chromium Project for the Chrome and Chromium web browsers. The fixes are part of a Monday update of the Stable channel to version. Google has issued fixes for five security flaws, including a high-severity bug that is being actively exploited by attackers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |