[BreachExchange] Update Your Chrome Browser to Patch New Zero-Day Bug Exploited in the Wild

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Jul 16 11:29:22 EDT 2021


https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

Google has pushed out a new security update to Chrome browser for Windows,
Mac, and Linux with multiple fixes, including a zero-day that it says is
being exploited in the wild.

The latest patch resolves a total of eight issues, one of which concerns a
type confusion issue in its open-source V8 JavaScript engine
(CVE-2021-30563). The search giant credited an anonymous researcher for
reporting the flaw on July 12.

As is usually the case with actively exploited flaws, the company issued a
terse statement acknowledging that "an exploit for CVE-2021-30563 exists in
the wild" while refraining from sharing full details about the underlying
vulnerability used in the attacks due to its serious nature and the
possibility that doing so could lead to further abuse.

CVE-2021-30563 also marks the ninth zero-day addressed by Google to combat
real-world attacks against Chrome users since the start of the year —

   - CVE-2021-21148 - Heap buffer overflow in V8
   - CVE-2021-21166 - Object recycle issue in audio
   - CVE-2021-21193 - Use-after-free in Blink
   - CVE-2021-21206 - Use-after-free in Blink
   - CVE-2021-21220 - Insufficient validation of untrusted input in V8 for
   x86_64
   - CVE-2021-21224 - Type confusion in V8
   - CVE-2021-30551 - Type confusion in V8
   - CVE-2021-30554 - Use-after-free in WebGL

Chrome users are advised to update to the latest version (91.0.4472.164) by
heading to Settings > Help > 'About Google Chrome' to mitigate the risk
associated with the flaw.