Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild.
The CVE-2021-30563 is a “type confusion” issue that affects the V8 JavaScript and WebAssembly engine.
“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” reads Google’s announcement.
Type confusion issues are logical bugs that result from confusion between object types, their exploitation would lead to browser crashes due to buffer overflow, they can also potentially lead to arbitrary code execution. The flaw was discovered by Sergei Glazunov from Google Project Zero.
The IT giant did not share info about the attacks exploiting the flaw either the nature of the threat actors.
None of the issues that were fixed by Google with the new release has been rated as critical, below there is the list of flaws addressed with the release of Google Chrome 91.0.4472.164:
This is the eighth zero-day flaw fixed by Google in the Chrome browser that was exploited by threat actors in the wild this year, the other ones are:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Google Chrome)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.