Google fixes sixth Chrome zero-day exploited in the wild this year

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities. Among the 14 security vulnerabilities, one zero-day vulnerability was exploited in the wild and tracked as CVE-2021-30551.

Google has begun to roll out Google Chrome 91.0.4472.101 globally and will be available to all users within the next few days.

Though Google Chrome will automatically try to upgrade the browser while you open it the next time, however, you can perform a manual update by navigating to Settings > Help > About Google Chrome.

google chrome update
Google Chrome updated to the Latest Version 91.0.4472.101

Six Chrome zero-day exploited in the wild in 2021

Some information about today’s fixed zero-day vulnerability is currently available on the web and besides this, it is one kind of confusion bug in V8, Google’s open-source and C++ WebAssembly and JavaScript engine.

The vulnerability was discovered by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.

Google says that they know that an exploit for CVE-2021-30551 exists in the wild.

Shane Huntley, Director of Google’s Threat Analysis Group, states that this zero-day was used by the same threat actors who used the Windows CVE-2021-33742 zero-day vulnerability which was later fixed by Microsoft.

Today’s update fixes Google Chrome’s sixth zero-day exploits in attacks this year, with five other listed below:

  • CVE-2021-21148 – February 4th, 2021
  • CVE-2021-21166 – March 2nd, 2021
  • CVE-2021-21193 – March 12th, 2021
  • CVE-2021-21220 – April 13th, 2021
  • CVE-2021-21224 – April 20th, 2021 

Besides this, a popular threat actor group named Puzzlemaker has been exploiting the browser’s sandbox and install the malware in Windows systems.

The threat actors are using these vulnerabilities to obtain access to the targeted system. The stager module downloads and executes a more complex malware dropper from a remote server.

As a part of the June 2021 Patch Tuesday, Microsoft released the fixes for the Windows vulnerabilities. However, Kaspersky couldn’t identify what Google Chrome vulnerabilities were used in the Puzzlemaker attacks.

Kaspersky assumes the attackers may have been utilizing the Google Chrome CVE-2021-2024 vulnerability but have not ruled out the use of further undisclosed Chrome zero-day vulnerabilities.

Are you looking for more software news? Stay tuned for the latest software news from top tech industries.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This