Critical Chrome 0-Day Vulnerability Exploited in Wide – Update Your Chrome Now!!

Google recently updated its Chrome web browser on an emergency basis, since for the 8th consecutive time in a row Google fixed critical 0-day vulnerabilities this year.

Apart from this, a 0-day vulnerability generally refers to a security vulnerability that has not yet been patched. That’s why as a fix for the recently detected 0-day and 6 other security vulnerabilities, Google released Chrome desktop version 91.0.4472.164 for all the major platforms like:-

  • Windows
  • Mac
  • Linux

Ninth 0-day patched this year

The cybersecurity experts at Google tracked the 0-day vulnerability as, CVE-2021-30563, and they also claimed that an exploit for this 0-day vulnerability exists in the wild, and it’s reported by an external contributor.

This 0-day vulnerability is a “Type Confusion in V8,” and the security experts at Google marked this 0-day with a high severity tag.

Since the start of 2021 in total, Google has now fixed 9 0-day vulnerabilities in the Chrome browser, and here’s the list of all 0-day flaws fixed by Google this year is mentioned below:-

CVE-2021-21148 – Heap buffer overflow in V8 (February 4th, 2021)

CVE-2021-21166 – Object recycle issue in audio (March 2nd, 2021)

CVE-2021-21193 – Use-after-free in Blink (March 12th, 2021)

CVE-2021-21206 – Use-after-free in Blink (April 7th, 2021)

CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64 (April 13th, 2021)

CVE-2021-21224 – Type confusion in V8 (April 20th, 2021)

CVE-2021-30551 – Type confusion in V8 (June 9th, 2021)

CVE-2021-30554 – Use-after-free in WebGL (June 17th, 2021)

CVE-2021-30563 – Type confusion in V8 (July 15th, 2021)

Moreover, along with this critical 0-day vulnerability, Google also patched other 6 security flaws, and here they are mentioned below:-

  • CVE-2021-30559 (High Severity)

Out of bounds write in ANGLE, and it’s reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11.

  • CVE-2021-30541 (High Severity)

Use after free in V8, and it’s reported by Richard Wheeldon on 2021-05-31.

  • CVE-2021-30560 (High Severity)

Use after free in Blink XSLT, and it’s reported by Nick Wellnhofer on 2021-06-12.

  • CVE-2021-30561 (High Severity)

Type Confusion in V8 and it’s reported by Sergei Glazunov of Google Project Zero on 2021-06-14.

  • CVE-2021-30562 (High Severity)

Use after free in WebSerial and it’s reported by Anonymous on 2021-06-15.

  • CVE-2021-30564 (Medium Severity)

Heap buffer overflow in WebXR and it’s reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17.

However, the cybersecurity researchers at Google have not yet disclosed publicly any key details or the specific circumstances of CVE-2021-30563.

As Google has affirmed that the security fix for this 0-day flaw will become available to all users globally over the following days since Google has started rolling out this new update globally to the Stable desktop channel.

Apart from all these things, Google has asserted that this update will be implemented automatically, but, still, in case, if you want then you can check the update manually, and to do so, you have to follow the below-mentioned steps:-

  • First, you have to open the “Settings” option.
  • Then you have to select the “Help” option.
  • Finally, select the “About Google Chrome” option.
  • That’s it, now you are done.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users…

1 hour ago

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond,…

1 hour ago

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

3 hours ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

3 hours ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

4 hours ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

4 hours ago