Connect with us

Google fixes two 0-Day vulnerabilities in Chrome



These are the 10th and 11th zero-day vulnerabilities in Chrome fixed by Google since the beginning of this year.

Google has released security updates for its Chrome browser that fix 11 vulnerabilities, two of which are already actively exploited in hacker attacks.

Zero-day vulnerabilities CVE-2021-30632 and CVE-2021-30633 represent out-of-bounds writing in the V8 JavaScript engine and post-free memory usage in the Indexed DB API, respectively. The company became aware of them on September 8, 2021 from an anonymous source.

As usual in such cases, Google limited itself to only a standard message that it “knows about the existence of exploits for CVE-2021-30632 and CVE-2021-30633 to carry out real attacks.” How, when, by whom and where the vulnerabilities were exploited, the company, as usual, did not specify.

CVE-2021-30632 and CVE-2021-30633 are the tenth and eleventh zero-day vulnerabilities in Chrome that have been patched by Google since the beginning of this year. The list of other vulnerabilities includes:

CVE-2021-21148 – buffer overflow in V8;

CVE-2021-21166 – Object recycle problem in audio;

CVE-2021-21193 – Post-free memory usage in Blink;

CVE-2021-21206 – Post-free memory usage in Blink;

CVE-2021-21220 – Insufficient validation of untrusted input data in V8 for x86_64;

CVE-2021-21224 – mismatch of input data types in V8;

CVE-2021-30551 – mismatch of input data types in V8;

CVE-2021-30554 – Post-free memory usage in WebGL;

CVE-2021-30563 – inconsistency of the types of input data in V8.

Chrome users are advised to update their browsers to the latest version 93.0.4577.82 for Windows, Mac and Linux.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Vice Society ransomware attacked a network of medical facilities in California



The ransomware said that they do not care who to attack, and they will not make exceptions for hospitals.

United Health Centers, a California-based network of medical facilities, was subjected to a ransomware cyberattack that disrupted all of its centers and leaked patient data.

United Health Centers has 21 public health centers in California counties such as Fresno, Kings and Tulare.

On August 31 of this year, BleepingComputer learned from an informed source from the information security community that United Health Centers’ medical facilities suffered from an attack by the Vice Society cyber ransomware group, as a result of which they had to turn off their entire network and IT systems and start restoring files from backup copies. However, representatives of United Health Centers did not comment on this information in any way.

This week, the Vice Society released files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including about beneficiary patients, financial records, test results and examinations. However, the organization remains silent.

The Vice Society is a relatively new cyber ransomware group that began operations in June this year. 20% of the companies published on its leak sites are related to the healthcare industry.

When asked by BleepingComputer why the group allows them to attack hospitals, the Vice Society responded as follows:

“Why not?

They always keep our confidential data clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don’t even try to protect our data. They receive millions from the state. Are they stealing this money?

The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?

If the IT department doesn’t want to do their job, we’ll do ours, and we don’t care if it’s a hospital or a university. “

Continue Reading


The data of those wishing to take out a loan from Sovcombank got into the public domain



The announcement of the sale of the Sovcombank customer database appeared on the darknet on September 20.

The questionnaires contain the full name, phone number, passport data, type of loan, address, marital status, contacts of relatives, place of work, position and income. The database also includes the responses of citizens to a call from a bank specialist. The bank said that in 2020 they identified an employee of an external call center who illegally copied loan applications. He was found guilty of divulging bank secrets and was sentenced to two years probation. During the investigation, the ex-employee of Sovcombank published an advertisement for the sale of data in his telegram channel, according to the organization. After that, Sovcombank again turned to the police: the department of the Ministry of Internal Affairs in Dagestan opened a criminal case on disclosing bank secrets and illegal access to protected computer information, and then transferred it to the regional department of the FSB. The case has now been sent to court. Now the stolen base is publicly available. …

Continue Reading


Chinese authorities ordered to cleanse cartoons of “unhealthy” content



The Chinese authorities are confident that cartoons should support “truth, goodness and beauty.”

The Chinese television regulator demanded that producers not allow scenes of violence, vulgar and pornographic content to appear in cartoons. At the same time, the authorities will encourage “healthy” cartoons that carry “truth, goodness and beauty.”

The National Radio and Television Administration of China issued a notice to cartoon creators on September 24. The regulator recalled that mainly children and young people watch cartoons. Therefore, producers and artists should fill the paintings with content that carries “truth, goodness and beauty,” the agency said.

The regulator promised to encourage the creators of “healthy” cartoons, but did not specify how exactly.

In recent months, the Chinese authorities have introduced several measures aimed at the younger generation. At the end of July, the country banned streaming with the participation of children under the age of 16. A local regulator expressed concern over the display of “capitalist values” and “extravagant pleasures” in the videos of young Chinese people.

In August, the Chinese authorities also limited the time children and teenagers can spend playing online. Minors are only allowed to play between 8:00 pm and 9:00 pm on Friday, Saturday, Sunday and public holidays.

Continue Reading

Most Popular