A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser.
The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher of the Chinese information security company Singular Security Lab.
The researcher is known to have earned $15,000 for this problem through the bug bounty program.
Google developers described the found bug as “insufficient data validation in V8.”
The Singular Security Lab researcher writes that the CVE-2021-21227 vulnerability is related to the CVE-2020-16040 and CVE-2020-15965 bugs, also found in the V8 code, which Google engineers fixed in Chrome in December and September 2020. For example, an expert discovered the CVE-2021-21227 problem while analysing patches for two other vulnerabilities. According to him, all these errors were associated with the same function.
Also in version 90.0.4430.93 of Chrome released this week, nine more vulnerabilities were fixed, including a couple of high severity, three medium and one low severity bugs.
Let me remind you that also recently Google has released a new version of Chrome for Windows, Mac and Linux, in which developers are patching two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220.
And also that The Record reports that the Chinese cybersecurity company Qingteng Cloud Security has detected attacks on WeChat users, in which is used a fresh vulnerability in Chrome. The attackers used an exploit published 2 weeks ago.
