Active Exploitation of Chrome's V8 Engine

Overview

Google’s latest update for the Chrome browser fixes 4 security issues, including one in the V8 JavaScript engine for which an exploit exists.

Some of the patched vulnerabilities (CVE-2021-37975 and CVE-2021-37976) are being actively exploited in the wild.

Chromium-based browsers such as Microsoft Edge, Brave and Opera are also affected.

Impact

A malicious website may be able to execute code on a host's machine.

Vulnerability Detection

You can see which version of Chrome you are running in the About tab of the settings page.

Navigate your browser to: `chrome://settings/help`

The most recent version as of 2021-09-30 is 94.0.4606.71

Containment, Mitigations & Remediations

If you’re running an older version, then Chrome should update itself automatically on the next launch.

The About page can also be used to update manually; this requires a relaunch of the browser.

Other advice:

– Don’t use administrative accounts to browse the internet.
– Avoid clicking on suspicious links or browsing untrustworthy websites.
– Apply the Principle of Least Privilege to all systems and services.

MITRE Methodologies

T1189 – Drive-by Compromise

Further Information

Stable Channel Update for Desktop (Thursday, September 30, 2021)