Google Chrome patches yet another serious security vulnerability

(Image credit: Pixabay)

As it put out the latest stable build of the cross-platform Chrome web browser, Google noted that the build bundles eight security fixes, including one that it was aware was being exploited in the wild. 

Six of the patched Chrome vulnerabilities have a High severity rating, and have been flagged by various cybersecurity researchers from around the world including its own Google Project Zero.

However the discovery of the zero-day vulnerability, tracked as CVE-2021-30563, is credited to an anonymous researcher and was originally reported earlier this week.

“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” Google said in its terse acknowledgement of the exploit.

Update without delay

Described as a type confusion bug in Google's open source WebAssembly and JavaScript engine, V8, Google didn’t share additional details about the vulnerability or how it was being exploited in the wild, and for good reason.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” observed Google as it urged users to update to the latest release. 

Reporting on the patched security issues, BleepingComputer notes that CVE-2021-30563 brings the total number of patched zero-day vulnerabilities in Google’s web browser in 2021, to eight.

While unraveling four zero-day flaws in popular web browsers, members of Google’s Threat Analysis Group (TAG), recently observed that some of them were developed by a commercial surveillance company, which then sold them to different government-backed actors.

Meanwhile, the new Chrome release has begun rolling out in Chrome’s Stable channel and will become available to all users over the following days. 

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.