Google Chrome Patches Another High Severity Zero-Day Flaw Exploited in the Wild


Google has released an emergency fix for its Chrome browser on Windows, Linux, and Mac. The update fixes four vulnerabilities, including one high-severity zero-day. This is the eighth zero-day vulnerability fixed by Google this year, and it is tracked as CVE-2021-30554. All the vulnerabilities in the advisory released on June 17th are use-after-free flaws rated high severity. Google recommends that Chrome users patch immediately by installing version 91.0.4472.114.


Zero-Day CVE-2021-30554

The vulnerable component is Google Chrome’s WebGL, a JavaScript API used to render interactive 2D and 3D graphics in any compatible web browser without plug-ins. Attackers can use this use-after-free vulnerability to execute arbitrary code. The issue was reported by an anonymous person on 2021-06-15.

Google’s Technical Program Manager, Srinivas Sista, stated in the advisory:

Google is aware that an exploit for CVE-2021-30554 exists in the wild.


Other Vulnerabilities

CVE-2021-30555

The vulnerable component is Google Chrome’s Sharing feature, which allows users to share any web page with others. The vulnerability is also a high-severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.

CVE-2021-30556

The vulnerable component is Google Chrome’s WebAudio, a Web API used to process audio in web applications. The vulnerability is also a high-severity flaw that allows attackers to cause a use after free. This issue was reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24.

CVE-2021-30557

The vulnerable component is Google Chrome’s TabGroups, an API used to rearrange and modify tab groups in browsers. The vulnerability is also a high-severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.


Affected Products

Google Chrome versions before 91.0.4472.114.
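
To check an endpoint inventory against the fixed release above, the following added example (not part of the original advisory or of any vendor tooling) classifies hosts by the version string each one reports. The host names and inventory lines are constructed sample data, and the input format is assumed to be the text printed by Chrome's `--version` option.

```python
import re

# Fixed release named in the advisory above.
FIXED_VERSION = "91.0.4472.114"

# Matches a four-part Chrome version inside strings such as
# "Google Chrome 91.0.4472.114" (the format printed by `--version`).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True if the version is older than the fixed release.

    Comparison is numeric per component. A plain string comparison would
    rank "91.0.4472.77" above "91.0.4472.114" and miss an unpatched host.
    """
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return version < parse_version(fixed)


def audit(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "vulnerable" if is_vulnerable(version_text) else "patched"
        except ValueError:
            report[host] = "unknown"  # needs manual follow-up
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 91.0.4472.77",
    "ws-02": "Google Chrome 91.0.4472.114",
    "ws-03": "Google Chrome 90.0.4430.212",
    "ws-04": "Google Chrome 92.0.4515.40",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parsable version and should be checked by hand rather than assumed patched.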


Impact

The use-after-free vulnerability allows attackers to execute arbitrary code on the affected system.


Solution

Google has released the security updates addressing the issue in Google Chrome version 91.0.4472.114.


SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible following the instructions published in our support article.
