Google fixes yet another Chrome 0Day exploited in the wild

Google fixes yet another Chrome 0Day exploited in the wild

Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux designed to address four security vulnerabilities, including a zero-day bug exploited in the wild.

The zero-day vulnerability, tracked as CVE-2021-30554, is described as a use-after-free issue residing within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

In accordance with its security policy, Google refrained from publishing details of the vulnerability until the majority of users update their Chrome browsers.

Chrome users can update their browsers to the latest version by heading to Settings > Help > 'About Google Chrome'.

In addition to CVE-2021-30554, Chrome 91.0.4472.114 resolves three high-risk vulnerabilities affecting Sharing, WebAudio, and TabGroups components in Chrome (CVE-2021-30555, CVE-2021-30556, CVE-2021-30557). All three bugs are use-after-three issues that allow a remote attacker to compromise a vulnerable system.

The new security update comes just a week after Google released the Chrome 91.0.4472.101 version that addressed 14 security vulnerabilities, including a zero-day flaw in V8 component said to be exploited in the wild.


Back to the list

Latest Posts

AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025
Threat actors exploit Vercel's AI tool v0 to build sophisticated phishing pages

Threat actors exploit Vercel's AI tool v0 to build sophisticated phishing pages

The malicious actors used v0.dev to create fake login pages mimicking legitimate brands.
2 July 2025