Google patches 8th Chrome zero-day exploited in the wild this year
Google released Chrome 91.0.4472.164 for Windows, Mac, and Linux to patch seven security vulnerabilities in which one of them is a high severity zero-day vulnerability that was being exploited in the wild.
Google was aware that an exploit for CVE-2021-30563 existed in the wild.
The new Chrome release has started rolling out worldwide to the Stable desktop channel and will become available to all users over the following days.
Google Chrome will automatically update itself on the next launch. It is possible for the users to even manually update it by checking for the newly released version from Settings > Help > ‘About Google Chrome.’
The zero-day patched now which was reported by Google Project Zero’s Sergei Glazunov is described as a type confusion bug in V8, Google’s open-source C++-based and high-performance WebAssembly and JavaScript engine.
Type confusion weaknesses would generally lead to browser crashes following successful exploitation by reading or writing memory out of the bounds of the buffer. But they can also be exploited by threat actors to execute arbitrary code on devices running vulnerable software.
Google however did not share any info regarding the attacks to allow the security update to deploy on as many systems as possible before more threat actors start actively abusing.
Google has patched eight Chrome zero-day bugs exploited by attackers in the wild since this year.
The post Google patches 8th Chrome zero-day exploited in the wild this year first appeared on Cybersafe News.