Google Chrome is one of the most popular browsers today with more than 2 billion users. Photo: EarnGurus Recently, a security researcher from the Project Zero team discovered a critical security vulnerability (CVE-2021-30551) in Google Chrome, affecting many users. Not much is known about this vulnerability, instead, it is only briefly described: “Confusion in V8”. This is a JavaScript engine, used quite commonly on Google Chrome and browsers using Chromium source code (including Microsoft Edge). In a blog post, Google confirmed that the CVE-2021-30551 vulnerability exists in the wild. To limit future attacks, Google Chrome users should update their browser immediately by going to Settings – Help – About Google Chrome (about Google Chrome). When the update to version 91.0.4472.101 is complete, simply press Relaunch to restart the browser. Update Google Chrome browser to the latest version. Photo: Tieu MINH This is the sixth zero day vulnerability found on Google Chrome since the beginning of the year. The latest version of the browser also contains a total of 10 security patches, seven of which are listed as High threat and one is described as Critical. Sharing with BleepingComputer, Kaspersky warned that a new group of hackers calling themselves PuzzleMaker successfully hacked both Chrome and Windows this month, prompting Microsoft to issue an urgent upgrade notice for Windows users. In addition, Kaspersky also recommends that users update their browser and operating system to the latest version to limit future attacks.

Doctor Web researchers discovered 10 seemingly harmless apps on AppGallery – Huawei’s official app market – that contain codes that connect to malicious C&C servers to take over additional configuration and components. These additional components bypass the user, automatically signing up for the paid service. To cover the phone’s owner, they demanded access to the notification and then interfered with the SMS verification code sent by the paid service. According to experts, the malicious code will subscribe to up to 5 such services, although developers can change the limit at any time. The list of infected applications range from virtual keyboards, photography, launchers, texting to stickers, games. Most have the same developer, Shanxi Kuailaipai Network Technology. In total, 10 apps were downloaded by more than 538,000 Huawei users. Doctor Web reported to Huawei and the company removing them from AppGallery. However, downloaders still have to manually delete the device. Below is a list of software that need to be removed immediately: Super Keyboard, Happy Color, Fun Color, New 2021 Keyboard, Camera MX – Photo Video Camera, BeautyPlus Camera, Color RollingIcon, Funney Meme Emoji, Happy Tapping, All-in-One Messenger. Experts say that modules downloaded from the malicious AppGallery also appear in other apps on Google Play. Once activated, they contact the remote server to receive the configuration file, which contains the task list, the paid service website, and the JavaScript mimics the user’s actions. The Joker malware was born in 2017, continuously detected in apps on Google Play Store. In October 2019, Kaspersky malware analyst Tatyana Shishkova tweeted about more than 70 malicious applications on the Google market. According to Google, they have removed about 1,700 Joker malicious apps since 2017. Du Lam (According to BleepingComputer)