Google has rolled out an update for its Chrome web browser that fixes a range of vulnerabilities, including a zero-day flaw that has been known to be actively exploited in the wild. The security loopholes affect the Windows, macOS, and Linux versions of the popular browser.
“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” reads Google’s security update describing the newly disclosed zero-day vulnerability, that stems from a type confusion error in the V8 open-source JavaScript engine that is used in Chrome and other Chromium-based web browsers.
According to CyberSecurityHelp, a remote attacker could exploit the vulnerability by duping an unwitting victim into visiting a specially crafted website that they created, triggering the type confusion error, after which they could execute arbitrary code on the affected system. “Successful exploitation of this vulnerability may result in complete compromise of vulnerable system,” CyberSecurityHelp concluded.
Beyond the zero-day flaw, the new release fixes seven other security loopholes, with Google specifically listing six bugs where the fixes were contributed by external researchers. Five vulnerabilities were listed as high-severity, while one was classified as medium.
The tech titan hasn’t released any further details about the vulnerabilities. This is common practice as the company aims to give as many users as possible a chance to update their Chrome browsers to the newest available version and lower the chance of the security flaws being exploited by enterprising cybercriminals.
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) classified the vulnerabilities as extremely high risk. “Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system,” the agency warned.
Taking into account the disclosed vulnerabilities, both admins and users alike would do well to update their browsers to the latest version (91.0.4472.164) as soon as practicable. If you’ve enabled automatic updates, then your browser should update to the latest available version by itself. However, if not, you can also update your Chrome (or Chromium-based) browser manually by visiting the About Google Chrome section, which can be found under Help in the menu bar; other browsers are not susceptible to these vulnerabilities.