Google fixes actively exploited Chrome zero‑day

The latest Chrome update patches a bumper crop of security flaws across the browser’s desktop versions

Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors. The bugs affect the Windows, macOS, and Linux versions of the browser.

“Google is aware that an exploit for CVE-2021-30551 exists in the wild,” reads Google’s security update describing the newly disclosed zero-day. The vulnerability stems from a type confusion bug in the V8 JavaScript engine, which is used in Chrome and other Chromium-based web browsers. Classified as high in severity, it was disclosed by Sergei Glazunov, a member of Google’s Project Zero bug-hunting squad.

While details about the security loophole remain sparse, Shane Huntley, Director of Google Security’s Threat Analysis Group (TAG), tweeted that the threat actor that has been exploiting this vulnerability has also been targeting another zero-day.

Tracked as CVE-2021-33742, the latter is a remote code execution vulnerability in the Windows MSHTML platform and it impacts all supported versions of the Microsoft Windows operating system. This vulnerability was discovered by Clément Lecigne, also of Google’s TAG, and was plugged as part of Microsoft’s Patch Tuesday cycle earlier this week.

Chrome in-the-wild vulnerability CVE-2021-30551 patch ..