Google has released Chrome 91.0.4472.164 for Windows, Mac and Linux, a security update that patches a number of vulnerabilities, including a zero-day flaw that the tech giant says is being exploited by hackers in real-world attacks.
The zero-day vulnerability (CVE-2021-30563) is a type confusion issue within the V8 component in Google Chrome. A remote attacker could use it to execute arbitrary code on a vulnerable system by creating a malicious web page and tricking a victim into visiting it.
As always, Google has not disclosed any details on how, when and by whom the zero-day vulnerability has been exploited.
In addition, the new security update patches the following issues: out-of-bounds write in ANGLE (CVE-2021-30559), use-after-free in V8 (CVE-2021-30541), use-after-free in Blink XSLT (CVE-2021-30560), type confusion in V8 (CVE-2021-30561), use-after-free in WebSerial (CVE-2021-30562), and heap buffer overflow in WebXR (CVE-2021-30564). All these bugs could allow a remote attacker to compromise a vulnerable system.
Chrome users are advised to update to the latest Chrome version by heading to Settings -> Help -> 'About Google Chrome'.