Google has just released Chrome 91.0.4472.101 emergency update for Windows, Mac and Linux to patch 14 security holes. Among these is a critical zero-day vulnerability (CVE-2021-30551) that is being actively exploited by hackers.
Currently, Google Chrome 91.0.4472.101 has started rolling out and is expected to be available to all users globally in the next few days.
Google Chrome will automatically update the browser the next time you run it. If you want to update yourself, you can go to Settings > Help > About Google Chrome.
Hackers have exploited up to 6 zero-day vulnerabilities on Chrome in 2021
Here are 5 other Google Chrome zero-day vulnerabilities that were exploited by hackers this year:
- CVE-2021-21148 – February 4, 2021
- CVE-2021-21166 – March 2, 2021
- CVE-2021-21193 – March 12, 2021
- CVE-2021-21220 – April 13, 2021
- CVE-2021-21224 – April 20, 2021
According to information from experts, a group of hackers called Puzzlemarker is chaining Google Chrome’s zero-day vulnerabilities to get out of the browser sandbox and install malware on Windows.
The researchers say that when combining both the Chrome and Windows vulnerabilities, hackers can get into the victim’s system to install malware. Microsoft has also patched the CVE-2021-33742 vulnerability in the June Patch Tuesday patch.
As of now, it’s not clear which Google vulnerability Puzzlemaker exploits. Security firm Kaspersky believes that hackers may have exploited the vulnerability CVE-2021-21224 but does not rule out the possibility that they use other vulnerabilities that Google has not discovered.