Home Tech News Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers

Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers

by Total Drivers

Google has just released Chrome 91.0.4472.101 emergency update for Windows, Mac and Linux to patch 14 security holes. Among these is a critical zero-day vulnerability (CVE-2021-30551) that is being actively exploited by hackers.

Currently,  Google Chrome 91.0.4472.101 has started rolling out and is expected to be available to all users globally in the next few days.

Google Chrome will automatically update the browser the next time you run it. If you want to update yourself, you can go to  Settings > Help > About Google Chrome.

Hackers have exploited up to 6 zero-day vulnerabilities on Chrome in 2021

Although 2021 is only halfway over, there have been 6 zero-day vulnerabilities on Google Chrome that were exploited by hackers before being patched. The newly patched vulnerability stems from a confusion about the V8 style, open source and C WebAssembly and Google’s JavaScript engine.

Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers
Only half of 2021 has passed, but hackers have exploited up to 6 serious zero-day vulnerabilities on Chrome

Here are 5 other Google Chrome zero-day vulnerabilities that were exploited by hackers this year:

  • CVE-2021-21148 – February 4, 2021
  • CVE-2021-21166 – March 2, 2021
  • CVE-2021-21193 – March 12, 2021
  • CVE-2021-21220 – April 13, 2021
  • CVE-2021-21224 – April 20, 2021

According to information from experts, a group of hackers called Puzzlemarker is chaining Google Chrome’s zero-day vulnerabilities to get out of the browser sandbox and install malware on Windows.

The researchers say that when combining both the Chrome and Windows vulnerabilities, hackers can get into the victim’s system to install malware. Microsoft has also patched the CVE-2021-33742 vulnerability in the June Patch Tuesday patch.

As of now, it’s not clear which Google vulnerability Puzzlemaker exploits. Security firm Kaspersky believes that hackers may have exploited the vulnerability CVE-2021-21224 but does not rule out the possibility that they use other vulnerabilities that Google has not discovered.

You may also like

Leave a Comment