Google has released an emergency fix for its Chrome browser on Windows, Linux, and Mac. The update addresses four vulnerabilities, including one zero-day vulnerability rated high severity. This zero-day, assigned CVE-2021-30554, is the eighth zero-day vulnerability fixed by Google this year. All of the vulnerabilities in the advisory, released on June 17th, are use-after-free flaws rated high severity. Google recommends that Chrome users patch immediately by installing version 91.0.4472.114.
Google's Technical Program Manager, Srinivas Sista, added in the advisory:
Google is aware that an exploit for CVE-2021-30554 exists in the wild.
The vulnerable component is Google Chrome's Sharing feature, which allows users to share any web page with others. The vulnerability is also a high severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.
The vulnerable component is Google Chrome's WebAudio, a Web API used to process audio in web applications. The vulnerability is also a high severity flaw that allows attackers to cause a use after free. This issue was reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24.
The vulnerable component is Google Chrome's TabGroups, an API used to rearrange and modify tab groups in browsers. The vulnerability is also a high severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.
Google Chrome versions before 91.0.4472.114 are affected.
The use-after-free vulnerability allows attackers to execute arbitrary code on the affected system.
Google has released the security updates addressing the issue in Google Chrome version 91.0.4472.114.
SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible following the instructions published in our support article.