Google patches 8th Chrome zero-day exploited in the wild this year
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild.
Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > 'About Google Chrome'.
While Google said that it is aware of in-the-wild exploitation of CVE-2021-30563, it did not share information about these attacks, so that the security update can deploy on as many systems as possible before more threat actors start actively abusing the flaw.
In all, Google has patched eight Chrome zero-day bugs exploited by attackers in the wild since the start of 2021.
Earlier this week, the Google Threat Analysis Group shared additional details regarding in-the-wild exploitation of the CVE-2021-21166 and CVE-2021-30551 Chrome zero-days.
"Based on our analysis, we assess that the Chrome and Internet Explorer exploits described here were developed and sold by the same vendor providing surveillance capabilities to customers around the world," Google said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-03 | CVE-2021-30563 | Type Confusion vulnerability in Google Chrome: Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-06-15 | CVE-2021-30551 | Type Confusion vulnerability in multiple products: Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-03-09 | CVE-2021-21166 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |