Security News > 2021 > July > Google: New Chrome Zero-Day Being Exploited
For the seventh time this year, Google is dealing with zero-day attacks targeting users of its flagship Chrome web browser.
The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.
The newest Chrome 91.0.4472.164 is available for Windows, macOS and Linux users and will be pushed via the browser's automatic updating mechanism over the coming weeks.
The specific vulnerability being exploited - CVE-2021-30563 - is described as a type confusion error within Chrome's V8 JavaScript engine.
In all, the Chrome 91.0.4472.164 update contains fixes for multiple "High-risk" flaws that expose users to remote code execution attacks.
Exploits for zero-day flaws in Chrome have featured heavily in nation-state malware activity.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-03 | CVE-2021-30563 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |