Security News > 2021 > June > Google Patches Chrome Zero-Day Used by Commercial Exploit Company
Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild.
"Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.
On Twitter, Shane Huntley, director of Google's Threat Analysis Group, revealed that the exploit for CVE-2021-30551 has been created by a "Commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting."
The same organization has developed an exploit for CVE-2021-33742, a critical remote code execution issue in the Windows MSHTML platform, Huntley explains.
Microsoft this week released patches for this flaw and five other actively exploited security vulnerabilities in its products.
Since the beginning of 2021, Google addressed a total of six zero-day vulnerabilities in Chrome.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-15 | CVE-2021-30551 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-06-08 | CVE-2021-33742 | Out-of-bounds Write vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 0.0 |