Google Chrome forced to fix yet another zero-day

Google spotted the vulnerability being exploited in the wild

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The latest version of the cross-platformChrome web browserfixes over a dozen security vulnerabilities including one that was being exploited in the wild.

The zero-day vulnerability, discovered byGoogleProject Zero, and tracked as CVE-2021-30551, is reportedly a type confusion bug that exists in V8, which is Google’sopen sourceWebAssembly andJavaScriptengine.

Although Google hasn’t shared much details about the vulnerability at the moment, it did acknowledge that an exploit based on it has been spotted in the wild.

Shane Huntley, Director of Google’s Threat Analysis Group, took to Twitter to share that this vulnerability was used by the same threat actors that earlier used one of the remote code exploitation vulnerabilities inWindowsthatMicrosoftfixed recently in itsJune 2021 Patch Tuesday.

Attack chain

Attack chain

Bleeping Computerreports that this is the sixth zero-day exploit that Google has fixed in its Chromeweb browserin 2021 alone.

This is significant in light of revelations bycybersecurityresearchers fromKasperskywho reported that a threat actor named PuzzleMaker recently exploited a chain of zero-day vulnerabilities in the Google Chrome browser and Microsoft Windows systems.

The threat actor used them to escape the browser’s sandbox and installmalwarein Windows in highly targeted attacks against multiple companies in April 2021.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While it is argued that PuzleMaker might have relied on the now patched Google Chrome CVE-2021-21224 vulnerability,Bleeping Computersuggests that Kaspersky has not ruled out the use of further undisclosed Chrome zero-day vulnerabilities.

ViaBleeping Computer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

New Secretlab Skins Lite let you overhaul the look of your chair for under $100