If you use Google Chrome as your internet browser, then now might be a good time to check you are using the most recent update that was released on June 9th. Google released an urgent update for the browser to help combat 14 separate cybersecurity issues that they had discovered, most worryingly being a zero-day vulnerability that was already being taken advantage of by hackers.
As of 2021 an estimated 2.65 billion people use Google Chrome (Source: Backlinko), meaning hackers have a practically infinite number of people to attempt to hack and scam. We spoke about the risks of zero-day attacks not long ago in another blog post that you can read here. In that article we emphasized the importance of keeping your software and programs up to date with the latest patches to help reduce your risk of cyberattacks, and the recent attack on Google Chrome is an excellent example of why.
In a blog post from Prudhvikumar Bommana, a Technical Program Manager for Google Chrome, he listed the 14 vulnerabilities and gave a brief overview of what each problem was, which you can read here. The key vulnerability we are looking at today is labelled ‘CVE-2021-30551’ and described as ‘Type Confusion in V8’. Bommana later says in his blog, “Google is aware that an exploit for CVE-2021-30551 exists in the wild”, referring to the zero-day attack.
Luckily Google were able to react at a fast pace, releasing their updated version of Google Chrome (version 91.0.4472.101) and putting the word out to encourage all users to install the newest update. If you’re working on a laptop or computer, you can check which version of Google Chrome you are using by clicking on the three vertical dots in the corner at the top-right, then navigate to ‘Help > About Google Chrome’ to see which version you are using, and if any updates are available.
Here at Euclid Security, we offer a range of professional cybersecurity services to ensure your business is safe, secure, and prepared for anything. Whether you need cybersecurity training, consultation and advisory services, or a full security assessment, we can help. If you want to have a no-obligation discussion about your cybersecurity, get in touch today.