Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild.
Tracked as CVE-2021-30554, the high-severity flaw concerns a use-after-free vulnerability in WebGL, a JavaScript API for rendering interactive 2D and 3D graphics within the browser.
The issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista noted, adding the company is "aware that an exploit for CVE-2021-30554 exists in the wild."
While it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in active attacks.
"I'm happy we are getting better at detecting these exploits and the great partnerships we have to get the vulnerabilities patched, but I remain concerned about how many are being discovered on an ongoing basis and the role of commercial providers," tweeted Shane Huntley, Director of Google's Threat Analysis Group, on June 8.
Chrome users are advised to update to the latest version by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-30554 | Use After Free vulnerability in multiple products. Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |