Google Chrome is one of the most popular browsers today with more than 2 billion users. Photo: EarnGurus Recently, a security researcher from the Project Zero team discovered a critical security vulnerability (CVE-2021-30551) in Google Chrome, affecting many users. Not much is known about this vulnerability, instead, it is only briefly described: “Confusion in V8”. This is a JavaScript engine, used quite commonly on Google Chrome and browsers using Chromium source code (including Microsoft Edge). In a blog post, Google confirmed that the CVE-2021-30551 vulnerability exists in the wild. To limit future attacks, Google Chrome users should update their browser immediately by going to Settings – Help – About Google Chrome (about Google Chrome). When the update to version 91.0.4472.101 is complete, simply press Relaunch to restart the browser. Update Google Chrome browser to the latest version. Photo: Tieu MINH This is the sixth zero day vulnerability found on Google Chrome since the beginning of the year. The latest version of the browser also contains a total of 10 security patches, seven of which are listed as High threat and one is described as Critical. Sharing with BleepingComputer, Kaspersky warned that a new group of hackers calling themselves PuzzleMaker successfully hacked both Chrome and Windows this month, prompting Microsoft to issue an urgent upgrade notice for Windows users. In addition, Kaspersky also recommends that users update their browser and operating system to the latest version to limit future attacks.

UC Browser is developed by UCWeb, a subsidiary of Alibaba (China). This is one of the most popular mobile browsers in Asia, with over 500 million downloads on Google Play alone. According to security researcher Gabi Cirlig, UC Browser silently sent iPhone users’ browsing data (even with incognito mode enabled) to UCWeb servers (registered in China, but located in the US). ). This is in stark contrast to the company’s previous statement, which does not record a user’s “browsing and search history” when incognito mode is activated. More worryingly, UC Browser also collects IDs (unique identifiers) to track users across various websites. The collection of user data happens on both Android and iOS versions, not sure what UCWeb is doing with all this information? Interested readers can watch the video at: “This kind of tracking is done on purpose,” Cirlig told Forbes. When compared with Google Chrome browser and some other popular browsers, he found there is no browser like UC Browser. UC Browser just rolled out a new update last week, but the company never mentioned monitoring users’ browsing activity. Currently the English version of UC Browser has been removed from the App Store, but the Chinese version still exists, and unlike the English version, it does not send data back to the UCWeb server. Earlier in 2019, the UC Browser version for Android also violated Google Play’s policies.

Google Chrome 90 on macOS and Linux does not appear to be affected. Photo: MINH HOANG A Google product expert seems to have identified the problem. “It seems that this issue is related to the User Data folder of the computer, so using Google Chrome (beta) should solve the problem.” However, if you just want to use the stable version of Google Chrome, you can follow these steps to prevent problems. First, close the browser and press the Windows + E key combination to open File Explorer, then paste the %LOCALAPPDATA%GoogleChromeUser Data link in the address bar and press Enter. Next, delete the Local State file, then reopen the Google Chrome browser. If the problem is still not fixed, the user can simply go back to %LOCALAPPDATA%GoogleChromeUser Data, copy everything here to another place, such as the Desktop. Then, rename the User Data folder to any name (different from the old name) and reopen the Google Chrome browser. Currently Google has confirmed the issue, and it will probably be fixed in the near future through a new update.

The latest version of Chrome – 90.0.4430.212 – is available for Windows, Mac and Linux users. Updates for Android and iOS phones of the browser have also been released. (Image: Shutterstock / XanderSt) Of the 19 vulnerabilities patched in this release, 15 have been reported by 3rd party security researchers, of which 13 are rated high severity and 2 vulnerabilities are rated as medium severity. The parts of Chrome affected by these issues include: Installing apps over the web; offline mode; media feeds; Aura; tab group; notification; V8; autofill; File API; history, reading mode; payment and tab strip. (Photo: Gadgets To Use) As usual, the company will not release details of the bugs that have been patched until the fixes are sent to most users. In its recommendation, Google does not mention that any of these vulnerabilities are exploited in online attacks. However, over the past few months, the Internet search giant has released patches for a number of dangerous zero-day vulnerabilities appearing in the browser. (Photo: MakeUseOf) In March, Google released an urgent fix to address CVE-2021-21193, a dangerous zero-day vulnerability. In April, the company released patches for the CVE-2021-21206 and CVE-2021-21220 (in Chrome 89) and CVE-2021-21224 (Chrome 90) series of vulnerabilities. Back in April, a Chromium vulnerability (in the V8 JavaScript engine) was announced before patches were sent to Chrome and Microsoft Edge users. In the same month, Google also patched another critical bug in V8. (Photo: Lesterman/Shutterstock) Chrome users should install the recently released security update to prevent any possible attacks. To update the Google Chrome browser, click the menu icon (3 dots) in the upper right corner, then select Help > About Chrome (about Chrome). After the update is complete, click Relaunch to restart the browser.

How the fake Google Chrome app infiltrates the phone Specifically, the crook will initially send you an SMS and ask to pay a small fee to receive the parcel. When the user clicks on the attached link, the screen will display a message asking to update the Google Chrome browser (actually fake software) and pay 1-2 USD fee to receive the goods via credit card. use. If you do, the crooks will instantly get your credit card information and take your money. In addition, the malware also uses the device to send about 2,000 phishing SMS messages per week to random phone numbers. According to the researchers, the malware’s propagation speed is relatively fast, able to target hundreds of thousands of users in a short time. How to limit? The researchers recommend that users absolutely do not give out credit card information to strangers. Also only update apps directly through Google Play or the App Store, do not click on suspicious links, even if they are sent by friends or relatives.

Through the Win32k vulnerability, hackers can gain access to your computer and have full control over the device, however, this requires user interaction. Security researcher Boris Larin at Kaspersky Labs said the vulnerability was exploited by a group of hackers called BITTER APT. Other vulnerabilities such as the Windows NTFS denial of service vulnerability have not been actively exploited. But Microsoft notes that they have been publicly disclosed, meaning everyone knows about them. To limit attack, users should update the operating system as soon as possible by clicking on the Start menu and selecting Settings – Security & Update – Windows Update – Check for Updates. Recently, Google has just released two patches for Chrome browser on the computer, although they do not provide detailed information, both vulnerabilities are labeled “high” and have been exploited by hackers. To update Google Chrome browser, click the three-dot icon in the upper right corner, then select Help – About Google Chrome (about Google Chrome), finally click Relaunch to restart. Browser.