Google has released an emergency fix for its Chrome browser app in Windows, Linux, and Mac. This consists of four vulnerabilities that include one Zero-day vulnerability with High severity. This is the eighth Zero-day vulnerability which is fixed by Google this year and is assigned with CVE-2021-30554. All the vulnerabilities in the advisory released on June 17th address a Use after free vulnerability sharing a high severity. Google recommends Chrome browser users to patch their applications immediately by installing version 91.0.4472.114.
Zero-Day CVE-2021-30554
Google Chrome’s WebGL is the vulnerable component, a JavaScript API that is basically used to offer interactive 2D and 3D graphics in any compatible web browser without using any plug-ins. This use after free vulnerability can be used by attackers to execute any arbitrary code. The issue was reported by an anonymous person on 2021-06-15.
Google’s Technical program manager, Srinivas Sista, added in the advisory,
Google is aware that an exploit for CVE-2021-30554 exists in the wild.
Other Vulnerabilities
CVE-2021-30555
Google Chrome’s Sharing feature is the vulnerable component, which allows users to share any web page with others. The vulnerability is also a high severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.
CVE-2021-30556
Google Chrome’s WebAudio is the vulnerable component, a Web API used to process audios in web applications. The Google chrome vulnerabilities are also a high severity flaw that allows attackers to cause a use after free. This issue was reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24.
CVE-2021-30557
Google Chrome’s TabGroups is the vulnerable component; an API used to re-arrange and modify tab groups in browsers. The Google chrome vulnerabilities are also a high severity flaw that allows attackers to cause a use after free. This issue was reported by David Erceg on 2021-06-01.
Affected Products
Google Chrome version before 91.0.4472.114.
Impact
Hence ,the Use after free vulnerability allows attackers to execute arbitrary code on the affected system.
Solution
Google has released the security updates addressing the issue in Google Chrome version 91.0.4472.114.
SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. Thus,we strongly recommend applying the security updates as soon as possible following the instructions published in our support article which is now replaced by support article .