Security News > 2021 > July > Google: New Chrome Zero-Day Being Exploited
For the seventh time this year, Google is dealing with zero-day attacks targeting users of its flagship Chrome web browser.
The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.
The newest Chrome 91.0.4472.164 is available for Windows, macOS and Linux users and will be pushed via the browser's automatic updating mechanism over the coming weeks.
The specific vulnerability being exploited - CVE-2021-30563 - is described as a type confusion error within Chrome's V8 JavaScript engine.
In all, the Chrome 91.0.4472.164 update contains fixes for multiple "High-risk" flaws that expose users to remote code execution attacks.
Exploits for zero-day flaws in Chrome have featured heavily in nation-state malware activity.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-03 | CVE-2021-30563 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |