16 July 2021

Google fixes Chrome zero-day exploited in the wild


Google fixes Chrome zero-day exploited in the wild

Google has released a new security update 91.0.4472.164 for Windows, Mac and Linux to patch a number of security vulnerabilities, including a zero-day flaw that the tech giant says is being exploited by hackers in real-world attacks.

The zero-day vulnerability (CVE-2021-30563) is a type confusion issue within the V8 component in Google Chrome, which could be used by a remote attacker to execute an arbitrary code on the vulnerable system by creating a malicious web page and tricking a victim into visiting it.

As always, Google has not disclosed any details on how, when and by whom the zero-day vulnerability has been exploited.

In addition, the new security update patches the following issues: out of bounds write in ANGLE (CVE-2021-30559), use after free in V8 (CVE-2021-30541), use after free in Blink XSLT (CVE-2021-30560), type confusion in V8 (CVE-2021-30561), use after free in WebSerial (CVE-2021-30562), and heap buffer overflow in WebXR (CVE-2021-30564). All these bugs could allow a remote attacker compromise a vulnerable system.

Chrome users are advised to update to the latest Chrome version by heading to Settings -> Help -> 'About Google Chrome'.

Back to the list

Latest Posts

Malicious actors target Kubernetes clusters via Argo Workflows

Malicious actors target Kubernetes clusters via Argo Workflows

In the observed attacks the threat actors deployed a popular cryptocurrency mining container, kannix/monero-miner.
26 July 2021
Kaseya obtains a decryptor for victims of the REvil ransomware attack

Kaseya obtains a decryptor for victims of the REvil ransomware attack

It's not clear, if the company paid any ransom.
23 July 2021
Chinese cyber-spies use hacked routers in attacks against French organizations

Chinese cyber-spies use hacked routers in attacks against French organizations

The hackers are hijacking home routers to build a proxy botnet in order to hide the origins of their attacks.
22 July 2021