Google fixes actively exploited Chrome zero‑day
The latest Chrome update patches a bumper crop of security flaws across the browser’s desktop versions
Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors. The bugs affect the Windows, macOS, and Linux versions of the browser.
“Google is aware that an exploit for CVE-2021-30551 exists in the wild,” reads Google’s security update describing the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used in Chrome and other Chromium-based web browsers. The vulnerability, classified as high in severity, was disclosed by Sergei Glazunov, a member of Google’s Project Zero bug-hunting squad.
While details about the security loophole remain sparse, Shane Huntley, Director of Google Security’s Threat Analysis Group (TAG), tweeted that the threat actor that has been exploiting this vulnerability has also been targeting another zero-day.
Tracked as CVE-2021-33742, the latter is a remote code execution vulnerability in the Windows MSHTML platform and it impacts all supported versions of the Microsoft Windows operating system. This vulnerability was discovered by Clément Lecigne, also of Google’s TAG, and was plugged as part of Microsoft’s Patch Tuesday cycle earlier this week.
Chrome in-the-wild vulnerability CVE-2021-30551 patched today was also from the same actor and targeting.
Thanks to Chrome team for also patching within 7 days.https://t.co/1RDbbuiBfY https://t.co/Ap9dEq98Cy— Shane Huntley (@ShaneHuntley) June 9, 2021
The Chrome update fixes 14 security loopholes in total, with the tech giant specifically listing nine other bugs beyond the disclosed zero-day where the fixes were contributed by external researchers. Six bugs were listed as high-severity, two are classified as medium in severity and one achieved the highest rating of critical.
Google hasn’t disclosed any additional details about the vulnerabilities. This is common practice with such releases as the company aims to give as many users as possible a chance to update their Chrome browser to the newest available version and so lower the chance of the loopholes being exploited by cybercriminals.
Needless to say, you would do well to update your browsers to the latest version (91.0.4472.101) as soon as possible. If you have automatic updates enabled, then the browser should be able to update to the newest version by itself. However, if you don’t, you can do so manually, by navigating to the About Google Chrome section which you’ll find in the menu bar under Help.