Security News > 2021 > June > Google fixes seventh Chrome zero-day exploited in the wild this year

Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild.
Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.
Although Google says that it is aware of CVE-2021-30554 in the wild exploitation, it did not share info regarding these attacks.
Google fixed three more high severity use after free bugs today in Chrome's Sharing, WebAudio, and TabGroups components, tracked as CVE-2021-30555, CVE-2021-30556, and CVE-2021-30557.
Seventh Chrome zero-day exploited in the wild this year.
In addition to these zero-days, Kaspersky reported that a threat actor group known as Puzzlemaker is chaining Chrome zero-day bugs to escape the browser's sandbox and install malware on Windows systems.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-30557 | Use After Free vulnerability in multiple products Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-07-02 | CVE-2021-30556 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-07-02 | CVE-2021-30555 | Use After Free vulnerability in Google Chrome Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. | 8.8 |
2021-07-02 | CVE-2021-30554 | Use After Free vulnerability in multiple products Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |