As it put out the latest stable build of the cross-platform Chrome web browser, Google noted that the build bundles eight security fixes, including one that it was aware was being exploited in the wild.
Six of the patched Chrome vulnerabilities have a High severity rating, and have been flagged by various cybersecurity researchers from around the world including its own Google Project Zero.
However the discovery of the zero-day vulnerability, tracked as CVE-2021-30563, is credited to an anonymous researcher and was originally reported earlier this week.
- We’ve rounded up the best anonymous browsers
- Protect your devices with these best antivirus software
- These are the best ransomware protection tools
“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” Google said in its terse acknowledgement of the exploit.
Update without delay
Described as a type confusion bug in Google's open source WebAssembly and JavaScript engine, V8, Google didn’t share additional details about the vulnerability or how it was being exploited in the wild, and for good reason.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” observed Google as it urged users to update to the latest release.
Reporting on the patched security issues, BleepingComputer notes that CVE-2021-30563 brings the total number of patched zero-day vulnerabilities in Google’s web browser in 2021, to eight.
While unraveling four zero-day flaws in popular web browsers, members of Google’s Threat Analysis Group (TAG), recently observed that some of them were developed by a commercial surveillance company, which then sold them to different government-backed actors.
Meanwhile, the new Chrome release has begun rolling out in Chrome’s Stable channel and will become available to all users over the following days.
- Here's our choice of the best malware removal software on the market
