Google has actually launched Chrome 91.0.4472.101 for Windows, Mac, and Linux to repair 14 security vulnerabilities, with one zero-day vulnerability made use of
in the wild and tracked as CVE-2021-30551. Google Chrome 91.0.4472.101 has actually begun presenting worldwide and will appear to all users over the next couple of days.
Google Chrome will immediately try to update the web browser the next time you introduce the program, however you can carry out a manual upgrade by going to Settings > > > Help >‘About Google Chrome
in the wild in 2021 Couple of information concerning today’s repaired zero-day vulnerability are presently offered besides that it is a type confusion bug in V8, Google’s open-source and C++ WebAssembly and JavaScript engine.
The vulnerability was found by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.
Google mentions that they are “conscious that a make use of for CVE-2021-30551 exists in the wild.”
Shane Huntley, Director of Google’s Threat Analysis Group, states that this zero-day was made use of by the very same hazard stars utilizing the Windows CVE-2021-33742 zero-day repaired the other day by Microsoft.
Chrome in-the-wild vulnerability CVE-2021-30551 covered today was likewise from the exact same star and targeting.Thanks to Chrome group for likewise covering within 7 days.https:// t.co/ 1RDbbuiBfY https://t.co/Ap9dEq98Cy– Shane Huntley(@ShaneHuntley)June 9, 2021 Today’s upgrade repairs Google Chrome’s 6th zero-day made use of in attacks this year, with the other 5 noted below: CVE-2021-21148-February 4th, 2021 CVE-2021-21166-March 2nd, 2021 CVE-2021-21193-March 12th, 2021
CVE-2021-21220 -April 13th, 2021 CVE-2021-21224-April 20th, 2021 In addition to these vulnerabilities, news broke the other day of a
- danger star group referred to as Puzzlemaker that is chaining together Google Chrome zero-day bugs to leave the internet browser’s sandbox and set up malware in Windows.”Once the opponents have actually utilized both the Chrome and Windows exploits to get a grip in the targeted system, the stager module downloads and carries out a more intricate malware dropper from a remote server,”the scientists stated. Microsoft repaired the Windows vulnerabilities the other day as part of the June 2021 Patch Tuesday, however Kaspersky might
not identify what Google Chrome vulnerabilities were utilized in the Puzzlemaker attacks. Kaspersky thinks the aggressors might have been utilizing the Google Chrome CVE-2021-21224 vulnerability however have actually not eliminated making use of additional concealed Chrome zero-day vulnerabilities. Source
Tags
Google, Security, Software
You may also like