Google fixed another major vulnerability in the V8 engine

major vulnerability in V8

A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser.

The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher of the Chinese information security company Singular Security Lab.

The researcher is known to have earned $15,000 for this problem through the bug bounty program.

Google developers described the found bug as “insufficient data validation in V8.”

The vulnerability can be exploited to remotely execute code in the victim’s browser, but like other recently discovered bugs in V8, it prevents the user from escaping the Chrome sandbox. That is, to fully exploit CVE-2021-21227 for attacks, it will have to be combined with another security issue.Google engineers say.

The Singular Security Lab researcher writes that the CVE-2021-21227 vulnerability is related to the CVE-2020-16040 and CVE-2020-15965 bugs, also found in the V8 code, which Google engineers fixed in Chrome in December and September 2020. For example, an expert discovered the CVE-2021-21227 problem while analysing patches for two other vulnerabilities. According to him, all these errors were associated with the same function.

Also in version 90.0.4430.93 of Chrome released this week, nine more vulnerabilities were fixed, including a couple of high severity, three medium and one low severity bugs.

Let me remind you that also recently Google has released a new version of Chrome for Windows, Mac and Linux, in which developers are patching two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220.

And also that The Record reports that the Chinese cybersecurity company Qingteng Cloud Security has detected attacks on WeChat users, in which is used a fresh vulnerability in Chrome. The attackers used an exploit published 2 weeks ago.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *