18 June 2021

Google fixes yet another Chrome 0Day exploited in the wild


Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux designed to address four security vulnerabilities, including a zero-day bug exploited in the wild.

The zero-day vulnerability, tracked as CVE-2021-30554, is described as a use-after-free issue in the WebGL component of Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

In accordance with its security policy, Google is withholding details of the vulnerability until the majority of users have updated their Chrome browsers.

Chrome users can update their browsers to the latest version by heading to Settings > Help > 'About Google Chrome'.

In addition to CVE-2021-30554, Chrome 91.0.4472.114 resolves three high-risk vulnerabilities affecting the Sharing, WebAudio, and TabGroups components in Chrome (CVE-2021-30555, CVE-2021-30556, CVE-2021-30557). All three bugs are use-after-free issues that allow a remote attacker to compromise a vulnerable system.

The new security update comes just a week after Google released Chrome 91.0.4472.101, which addressed 14 security vulnerabilities, including a zero-day flaw in the V8 component said to be exploited in the wild.

