Google releases update for actively attacked zero-day leak in Chrome


Google has released a security update for Chrome that fixes an actively attacked zero-day vulnerability in the browser. As far as is known, it is the fifth zero-day leak of this year in Chrome for which Google is rolling out a patch. The vulnerability, designated CVE-2021-30551, resides in the V8 JavaScript engine that Chrome and other browsers use to execute JavaScript.


The impact of the vulnerability has been rated "high". This case concerns leaks that allow an attacker to execute code within the context of the browser. It is then possible, for example, to read or adjust data from other websites. Vulnerabilities to escape from the Chrome sandbox are also included. The vulnerability in itself is not sufficient to take over a system. This would require a second vulnerability, for example in the underlying operating system.


Details about the observed attacks, such as the number of victims, when the attacks took place and how, were not provided by Google. The tech company discovered the zero-day leak itself on June 3. Users are advised to update to Google Chrome 91.0.4472.101 , which is available for Linux, macOS, and Windows. This will happen automatically on most systems. Microsoft Edge Chromium is based on the Chromium browser just like Chrome. It is expected that Microsoft will soon come up with an update for its own browser.


On February 4 , 2 March , March 12 and April 13 of this year Google even came up with security updates for active attacked zerodaylekken in Chrome. Last year, as far as is known, a total of six zero-day leaks were used against Google Chrome users.

Previous Post Next Post