The latest version of the cross-platform Chrome web browser (opens in new tab) fixes over a dozen security vulnerabilities including one that was being exploited in the wild.
Although Google hasn’t shared much details about the vulnerability at the moment, it did acknowledge that an exploit based on it has been spotted in the wild.
- Protect your devices with these best antivirus software (opens in new tab)
- We’ve also rounded up the best ransomware protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
Shane Huntley, Director of Google's Threat Analysis Group, took to Twitter to share that this vulnerability was used by the same threat actors that earlier used one of the remote code exploitation vulnerabilities in Windows (opens in new tab) that Microsoft fixed recently in its June 2021 Patch Tuesday (opens in new tab).
Bleeping Computer reports that this is the sixth zero-day exploit that Google has fixed in its Chrome web browser (opens in new tab) in 2021 alone.
This is significant in light of revelations by cybersecurity (opens in new tab) researchers from Kaspersky (opens in new tab) who reported that a threat actor named PuzzleMaker recently exploited a chain of zero-day vulnerabilities in the Google Chrome browser and Microsoft Windows systems.
The threat actor used them to escape the browser's sandbox and install malware (opens in new tab) in Windows in highly targeted attacks against multiple companies in April 2021.
While it is argued that PuzleMaker might have relied on the now patched Google Chrome CVE-2021-21224 vulnerability, Bleeping Computer suggests that Kaspersky has not ruled out the use of further undisclosed Chrome zero-day vulnerabilities.
- We've put together a list of the best endpoint protection (opens in new tab) software
Via Bleeping Computer (opens in new tab)