Google has newly pushed Chrome’s zero-day update for Windows, Linux, and Mac systems to patch up four security vulnerabilities, with one of them being a high severity zero-day bug.
Seventh Chrome zero-day of 2021:
Chrome’s zero-day, tracked as CVE-2021-30554, was addressed by Google and was being actively exploited in the wild.
The vulnerability officially counts as the seventh Chrome zero-day that has patched by the browser giant in 2021 alone.
It was found to be a consequence of use after free flaw persisting in the Web Graphics Library i.e WebGL API.
To those unaware, a Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities.
If a malicious entity would have successfully exploited the vulnerability, they could have been able to execute malicious code arbitrarily in systems using the widely-implemented Chrome browser.
The patched version, Chrome 91.0.4472.114, was released to the Stable desktop channel on 17th June and will be available to users all around the globe in the next few days.
Even though it was reported that the bug was being actively exploited in the wild, Google has refrained from providing any additional details of the attacks due to the zero-day.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” states Google regarding the Chrome zero-day. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Other critical vulnerabilities patched in the update:
Other than the aforementioned Chrome’s zero-day, the update also comes with security patches for three other high severity vulnerabilities.