Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities

Oct 1, 2021 | CYBERSCOOP

Google Chrome has issued emergency updates for two zero-day flaws that attackers are exploiting, the second pair for the browser in a month.

It’s been a record year for such flaws, which are previously unknown to the vendor. Chrome itself has caught 12 zero-days to date in 2021 compared to eight in all of 2020, according to Google’s Project Zero “0day in the Wild” database, which tracks zero-days.

By many measurements, Chrome is the world’s most popular browser, with one report putting its user count at nearly 3.3 billion. That makes it a lucrative target for hackers. There doesn’t appear to be just one answer for the rise in zero-days in 2021, even as more people seem to invest in hacking techniques. Defenders are also improving their own detection skills.

“Google is aware the exploits” for the two flaws “exist in the wild,” the company wrote on Thursday.

Google otherwise didn’t provide many details about the flaws. One, deemed high severity, was a kind of memory-corruption bug. Google Threat Analysis Group discovered it. Five of this year’s Chrome zero-days have been of this type, known as “use after free.”

The other
