Security News > 2021 > June > Google fixes seventh Chrome zero-day exploited in the wild this year
Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild.
Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.
Although Google says that it is aware of CVE-2021-30554 in the wild exploitation, it did not share info regarding these attacks.
Google fixed three more high severity use after free bugs today in Chrome's Sharing, WebAudio, and TabGroups components, tracked as CVE-2021-30555, CVE-2021-30556, and CVE-2021-30557.
Seventh Chrome zero-day exploited in the wild this year.
In addition to these zero-days, Kaspersky reported that a threat actor group known as Puzzlemaker is chaining Chrome zero-day bugs to escape the browser's sandbox and install malware on Windows systems.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-30557 | Use After Free vulnerability in multiple products Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-07-02 | CVE-2021-30556 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-07-02 | CVE-2021-30555 | Use After Free vulnerability in Google Chrome Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. | 8.8 |
| 2021-07-02 | CVE-2021-30554 | Use After Free vulnerability in multiple products Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |