Get in Touch
Active Exploitation of Chrome’s V8 Engine
Overview
Google’s latest update for the Chrome browser fixes 4 security issues including an exploit for the V8 JavaScript engine.
Some of the patched vulnerabilities (CVE-2021-37975 and CVE-2021-37976) are being actively exploited in the wild.
Chromium-based browsers such as Microsoft Edge, Brave and Opera are also affected.
Impact
A malicious website may be able to execute code on a hosts machine.
Vulnerability Detection
You can see which version of Chrome you are running in the About tab of the settings page.
Navigate your browser to: `chrome://settings/help`
The most recent version as of 2021-09-30 is 94.0.4606.71
Containment, Mitigations & Remediations
If you’re running an older version, then Chrome should update itself automatically on the next launch.
The About page can be used to manually update and this requires a relaunch of the browser.
Other advice:
– Don’t use administrative accounts to browse the internet.
– Avoid clicking on suspicious links or browsing untrustworthy websites.
– Apply the Principle of Least Privilege to all systems and services.
Mitre Methodologies
– T1189 – Drive-by Compromise
Further Information
Stable Channel Update for Desktop (Thursday, September 30, 2021)