Zero-day vulnerability is being exploited in Google Chrome. Update now

Google announced the release of a new update for the Chrome web browser. Version 91.0.4472.164 will be available for Windows, Mac and Linux systems and addresses seven severe flaws, including a zero-day vulnerability considered critical and that has already been exploited in the wild.

This flaw, tracked as CVE-2021-30563, was described as a type confusion issue affecting the JavaScript and WebAssembly V8 engine: “We are aware of the existence of a zero-day exploit for a severe vulnerability in the wild,” the company report says.

On this kind of errors, specialists mention that their exploitation could result in the abuse of multiple browser-based faults due to a buffer overflow; this attack could even allow arbitrary code to run.

The zero-day vulnerability was detected by Sergei Glazunov of Google Project Zero, although no further details were shared about the exploitation of this flaw. Below is a list of all the flaws addressed by the latest Chrome update:

  • CVE-2021-30559: Write Out of Bounds to ANGLE
  • CVE-2021-30541: Use After Free in V8
  • CVE-2021-30560: Use it after for free in Blink XSLT
  • CVE-2021-30561: Type Confusion in V8
  • CVE-2021-30562: Use after free in WebSerial
  • CVE-2021-30563: Type Confusion in V8
  • CVE-2021-30564: Stack buffer overflow in WebXR

At the moment no additional details are known about the flaws and the hacking groups associated with their active exploitation, this in order that other hacker groups do not learn to abuse the flaw. Either way, Chrome users on the various operating systems are advised to update the web browser to the secure version released by Google before it is too late.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.