Google Chrome receives urgent update due to critical vulnerability shared on Twitter

Google has been forced to shake up its schedule because of the spread of a serious vulnerability on Twitter. The American company released an unplanned security update for Chrome at a time when it was initially supposed to release Chrome 90.

Expected on April 13, the new Google Chrome update did not show up. And for good reason: the Mountain View firm was forced to shake up its schedule to ship an intermediate version of its web browser first. As a result, instead of getting Chrome 90, Internet users have had to make do since April 13 with Chrome 89.0.4389.128.

However, everyone is invited to download and install this version, because it corrects two vulnerabilities considered to be serious. One affects the V8 JavaScript engine, while the other affects the Blink rendering engine, which is used to display web pages. And that is not the most serious part: Google has learned that exploits for these two flaws are circulating on the net.

To avoid possible problems, the update is necessary. // Source: Google

Exploit code can be found on Twitter and GitHub

For the time being, adds the American company, access to the details and links of these two bugs is restricted until a majority of Internet users have updated Google Chrome. According to The Hacker News, Chrome’s release 89.0.4389.128 was in part precipitated by a computer researcher sharing on Twitter a link to GitHub that gave details of one of the two flaws.

Our colleagues indicate that this flaw was initially revealed by the company Dataflow Security during the Pwn2Own 2021 competition, held at the beginning of April. However, it appears that this computer science researcher succeeded in creating a working exploit this weekend by reverse-engineering the fix from the Chromium Project team, on which Google Chrome relies to work.

As a result, while a patch for the V8 JavaScript engine was on its way, and Google, then in the know, planned to integrate it later in a Chrome update, the sharing of the code on GitHub and on Twitter clearly seems to have forced the Mountain View firm to shake up its schedule. The good news, however, is that there was already a patch in the pipeline at that point.

The other good news is that the distribution of this code alone is obviously not enough to bypass Google Chrome’s security measures. In fact, its impact is not very critical, even if caution prompted the decision to release an intermediate version of Google Chrome. Maybe we’ll need another one, by the way, before or after Chrome 90.

Indeed, the same computer researcher announced on April 14 that while the previous vulnerability has been fixed in the latest version of the browser, another vulnerability has been fixed in the latest version of the V8 JavaScript engine, but not yet in Chrome. In short: even the latest version of Chrome is still affected. But this time, he said he would not publish anything.


Source: Numerama by www.numerama.com.

*The article has been translated based on the content of Numerama by www.numerama.com.