Google Rewards S4E Team For Zero-Day Vulnerability DetectionNews by Daniel Segun - November 20, 20210 Vulnerability Watch: Google Pays $6,000 To S4E Team For Zero-Day Vulnerability CVE-2021-30573 Detection.The Security For Everyone (S4E) team detected a Google Chrome Zero-day vulnerability tagged CVE-2021-30573 in Google’s latest version of the Chrome browser. This discovery was made after the S4E team ran a very long warning message in the options part of Google Chrome’s HTML select element, which crashed the current version of the Google Chrome browser and the operating system in use.Table of Contents Google Chrome Zero-Day Vulnerability CVE-2021-30573 DiscoveryRecommendations By Security For Everyone TeamA Final WordGoogle Chrome Zero-Day Vulnerability CVE-2021-30573 DiscoveryThe long warning message was run on Google Chrome version [91.0.4472.77] + [stable] (official) (64-bit) on the following operating systems:Kali GNU/Linux version 2020.1Ubuntu version 20.04.2 LTSUbuntu version 20.04.1 LTSThe crash displayed a long error message (==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x61600000dce4 at pc 0x55e40c87ca32 bp 0x7ffdb5e46fd0 sp 0x7ffdb5e46fc8) each time the team typed in a long string of special characters which includes HTML tags and numbers in the browser’s options part of the ‘select element.’ The Proof of Concept code of the vulnerability detected by the S4E team is available on the GitHub repository.Google rewarded the Security For Everyone team a bounty price of $6000 after verifying the CVE-2021-30573 vulnerability. The spokesperson for S4E acknowledged the receipt of the Google bounty prize and also commended Google’s awesome vulnerability management team for their commitment to making the Chrome browser a safe browsing tool for its users worldwide. Nevertheless, the S4E team reiterated that their focus is on customers’ feedback on their products while they are in their early startup stage.Google has, however, rolled out Chrome browser version 92.0.4515.107, which is an updated version with over 35 bug fixes and improvements. Recommendations By Security For Everyone TeamS4E:Shelter is a SaaS tool by the Security For Everyone company that detects the security vulnerabilities in your tech assets. Also, it offers actionable solutions to you.Here are some recommendations from the Security For Everyone cybersecurity experts that you should take if you find yourself at risk of an unknown security vulnerability from your chrome browser.Always install the latest Chrome browser update from Google. Updates have patches that fix vulnerabilities in previous versions and also come with improvements.Revoke administrative privileges for all installed programs by running your PC as a non-privileged user to prevent the successful completion of vulnerability attacks by auto-installation. Revoking your administrative privileges means you will have to manually permit every program to run, thus giving you the opportunity of preventing you from unknowingly granting access to vulnerability threats.Avoid visiting untrusted websites; they are a great source of vulnerability threats.Avoid clicking on links on websites, in your emails, or SMS from unknown sources; such links could carry significant security threats. Email attachments from unknown sources can be phishing links containing links that can compromise your security.Always apply the rule of Least Privilege by imposing a level-based restriction to information not needed.Run an antivirus program should you detect any anomaly while using your PC.A Final WordIn conclusion, the Security for Everyone team promises to focus on customers’ safety and satisfaction by focusing on vulnerability checks that put users’ safety at risk. They are confident that Google will continue to roll out timely updates that fix vulnerabilities detected in previous versions of the Chrome browser.Sign up for the S4E:Shelter Automated Vulnerability Scanning ToolINTERESTING POSTS7 Business Credit Card Tips For Small BusinessesWhat Is Zero Day Exploit? Risks And Why Is It Called Zero Day?5 Ways to Run Command Prompt on your Windows PCHafnium Hackers hijacks Microsoft Exchange Server zero-day flawHow To Identify And Avoid SMS Scams (With Infographics)AuthorRecent Posts Follow meDaniel SegunFounder & Editor-in-Chief at SecureBlitz MediaDaniel Segun is the Founder and CEO of SecureBlitz Cybersecurity Media, with a background in Computer Science and Digital Marketing. When not writing, he's probably busy designing graphics or developing websites.Follow meLatest posts by Daniel Segun (see all) What Should I Know About IP Address Management Systems? - December 2, 2021 What Is DDI (DNS, DHCP, IPAM), And Do You Need One? - November 30, 2021 What Is Business Benefits Of The Blockchain Market? - November 29, 2021PLEASE SHARE THIS:EmailTwitterLinkedInTelegramFacebookTumblrWhatsAppRedditPinterestPrintRelated
