Security News > 2021 > June > Google fixes sixth Chrome zero-day exploited in the wild this year
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.
Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.
Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome.
In addition to these vulnerabilities, news broke yesterday of a threat actor group known as Puzzlemaker that is chaining together Google Chrome zero-day bugs to escape the browser's sandbox and install malware in Windows.
Microsoft fixed the Windows vulnerabilities yesterday as part of the June 2021 Patch Tuesday, but Kaspersky could not determine what Google Chrome vulnerabilities were used in the Puzzlemaker attacks.
Kaspersky believes the attackers may have been using the Google Chrome CVE-2021-21224 vulnerability but have not ruled out the use of further undisclosed Chrome zero-day vulnerabilities.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-15 | CVE-2021-30551 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |