Recently, Google has fixed a vulnerability tracked as CVE-2021-30551 from its browser, arises in the V8 open-source engine.
In addition to this, several other flaws in Windows, MacOs and Linux have also been addressed. These include CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, and CVE-2021-30550.
The vulnerability CVE-2021-30551 was discovered by Google Project Zero’s Sergei Glazunov. This vulnerability has been used in active exploit and thus Chrome as the priority on the top for this patch.
As per the Shane Huntley, the director of Google’s Threat Analysis Group, the CVE-2021-30551 vulnerability was exploited by the malicious actors who did CVE-2021-33742 leverage. The latter one is an actively exploited remote code execution bug in Windows MSHTML platform.
Microsoft addressed the vulnerability CVE-2021-33742 with its Patch Tuesday update on June 8. This vulnerability is a critical one with a CVSS 7.5 rating.
A commercial exploit broker provided the two two-zero day vulnerabilities to nation-state actor. The later one utilized the zero days in limited attacks, targeting Eastern and Middle-East Europe.
Google Said in the blog post today that “the Stable channel has been updated to 91.0.4472.101 for Windows, Mac and Linux which will roll out over the coming days/weeks.” You should check if you are using the latest version of the Google Chrome.