Google rushes out fix for zero‑day vulnerability in Chrome

Google rushes out fix for zero‑day vulnerability in Chrome

The update patches a total of seven security flaws in the desktop versions of the popular web browser

Google has released an update for its Chrome web browser that fixes a range of security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used in Chrome and other Chromium-based web browsers.

Beyond the zero-day flaw, the new release fixes six other security loopholes, with Google specifically listing four high-severity vulnerabilities where fixes were contributed by external researchers. The first, indexed as CVE-2021-21222, also affects the V8 engine, however this time it is a heap buffer-overflow bug.

The second flaw tracked as CVE-2021-21225 also resides in the V8 component and manifests as an out-of-bounds memory access bug. As for CVE-2021-21223, it is found to affect Mojo as an integer overflow bug. The fourth high-severity vulnerability, labeled  google rushes vulnerability chrome