Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux designed to address four security vulnerabilities, including a zero-day bug exploited in the wild.
The zero-day vulnerability, tracked as CVE-2021-30554, is described as a use-after-free issue residing within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
In accordance with its security policy, Google refrained from publishing details of the vulnerability until the majority of users update their Chrome browsers.
Chrome users can update their browsers to the latest version by heading to Settings > Help > 'About Google Chrome'.
In addition to CVE-2021-30554, Chrome 91.0.4472.114 resolves three high-risk vulnerabilities affecting Sharing, WebAudio, and TabGroups components in Chrome (CVE-2021-30555, CVE-2021-30556, CVE-2021-30557). All three bugs are use-after-three issues that allow a remote attacker to compromise a vulnerable system.
The new security update comes just a week after Google released the Chrome 91.0.4472.101 version that addressed 14 security vulnerabilities, including a zero-day flaw in V8 component said to be exploited in the wild.