Google Patched Another Actively Exploited Chrome Zero-Day

Having already fixed many zero-day bugs, Google has had to patch Chrome again after another vulnerability came under attack. Alongside this actively exploited zero-day, Google has also addressed many other flaws in the Chrome browser.

Google Chrome Zero-Day Exploited

As elaborated in its advisory, Google has addressed another zero-day in its Chrome browser. This seemingly marks the 8th zero-day in Chrome that experienced active exploitation in the wild.

Continuing its practice of withholding technical information to prevent further damage, Google has not shared the details this time either.

Nonetheless, it did state that the bug, CVE-2021-30563, is a high-severity type-confusion vulnerability in the V8 component. Regarding its active exploitation, the advisory reads,

“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.”

Google has credited an anonymous researcher with reporting the bug recently, on July 12, 2021. It shows the tech giant acted promptly to address the issue.

Other Fixes With Latest Chrome 91 Release

Alongside the zero-day referenced above, Google has also patched 7 other security issues with the Chrome browser.

A prominent bug receiving a fix is the high-severity out-of-bounds write vulnerability in ANGLE, CVE-2021-30559. The bug caught the attention of Seong-Hwan Park of SecunologyLab, who reported it to Google on June 11, 2021. The researcher has also won a bounty of $7500 for reporting this issue.

Another noteworthy fix arrived for a use-after-free flaw in V8 (CVE-2021-30541). Reporting this high-severity vulnerability earned the researcher, Richard Wheeldon, $5000.

Besides these, Google has patched 3 other high-severity bugs and a medium-severity vulnerability as well.

All these fixes are now available to Chrome users with the release of 91.0.4472.164 for Windows, Mac, and Linux.

While it is always important to keep devices and apps up to date, this release addresses a zero-day under attack, so users must update their devices as soon as possible.
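
For administrators confirming the update on several machines, the following added example (not from Google's advisory or the original article) compares reported Chrome version strings against the fixed build 91.0.4472.164. The host names and inventory lines are constructed sample data, and the comparison is numeric per component because a plain string comparison would rank "99" above "164".

```python
import re

# Fixed build named in the article (Windows, Mac, Linux).
FIXED_BUILD = "91.0.4472.164"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(reported, fixed=FIXED_BUILD):
    """True if reported is older than fixed; None if it cannot be parsed."""
    have = parse_version(reported)
    if have is None:
        return None
    return have < parse_version(fixed)


def triage(inventory):
    """Split {host: version string} into outdated, current and unknown hosts."""
    result = {"outdated": [], "current": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        verdict = needs_update(reported)
        key = "unknown" if verdict is None else ("outdated" if verdict else "current")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names), values in the
# "Google Chrome <version>" form printed by `google-chrome --version`.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 91.0.4472.164",
    "ws-02": "Google Chrome 91.0.4472.99",   # older, although "99" > "164" as text
    "ws-03": "Google Chrome 90.0.4430.212",
    "ws-04": "Google Chrome 92.0.4515.107",
    "ws-05": "chrome: command not found",    # no version reported
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as unknown reported no parsable version and need a manual check before being counted as patched.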
