Google is warning its users about a new zero-day exploit on its web browser, Chrome.
Specialists from the Project Zero security team reported the threat, which is now being actively exploited against computers alongside other Chrome security flaws.
In a move to fight off this threat, the tech company is releasing a new version of Chrome for Windows, macOS, and Linux.
It is not the first time that Google’s web browser, Chrome, has been under attack through a zero-day vulnerability. And as always, Google released Chrome updates to address the threats.
Chrome update addresses zero-day exploit
The latest update released by Google is Chrome version 91.0.4472.101. It includes 14 security fixes for vulnerabilities of varying severity. The zero-day vulnerability is tracked as CVE-2021-30551.
Sergei Glazunov, another specialist from Google Project Zero, and members of Google’s Threat Analysis Group first reported the threat on June 4.
Unfortunately, they didn’t provide many details about the security flaw. However, the group “is aware that an exploit for CVE-2021-30551 exists in the wild.”
Google’s Threat Analysis Group director, Shane Huntley, shared on Twitter on June 9 that CVE-2021-30551 is related to a Windows vulnerability. Additionally, CVE-2021-33742 is related to a Microsoft vulnerability that the company was able to patch up the previous day.
Furthermore, Huntley said that both vulnerabilities “seem to be a commercial exploit company providing capability for limited nation state Eastern Europe / Middle East targeting” and that Google plans to disclose more details about its findings soon.
It has also been reported that Google has patched five other zero-day vulnerabilities that are being actively exploited in Chrome just this year. According to the report, Google was able to patch up the vulnerability a day after it was exploited by PuzzleMaker.
The attacker was believed to have conducted “a wave of highly targeted attacks against multiple companies” that “exploited a chain of Google Chrome and Microsoft Windows zero-day exploits” back in April.
Google warns its over 2 billion users worldwide
The company listed 10 other flaws addressed by Chrome 91.0.4472.101 in the update’s release notes. Two of these flaws are said to be of medium severity, seven of high severity.
Meanwhile, one of the flaws has been tagged as critical severity, as defined by the Google Chromium Severity Guidelines for Security Issues.
Additional information about the flaws, their CVE identifiers, and the amount Google will pay the researchers who discovered the vulnerabilities can all be found in the release notes.
Chrome 91.0.4472.101 is now available. The update “will roll out over the coming days/weeks” to Chrome users who depend on automatic updates to get the latest version of the browser, said Google.
However, those who are willing to manually install the update themselves can already do so. Users are encouraged to just follow the instructions on the Chrome website.