In the newest Google Chrome Zero-Day developments, the web browsing giant has rolled out a security update for yet another zero-day vulnerability that was being actively exploited in the wild, amongst other security fixes.
Patching the Google Chrome zero-day and other flaws in update:
Providing the details of the Google Chrome zero-day, the software company noted of being aware of the active exploitation of the zero-day, tracked as CVE-2021-30551 and classifieds as high-severity, in their security update report.
The Google Chrome zero-day reportedly affects Windows, Linux, and the macOS versions of the browser. This bug was disclosed by Google Project Zero’s security expert, Sergei Glazunov.
The exact particulars or details of the zero-day have not been disclosed by Google, however, researchers have stated that malicious entities that have been exploiting this zero-day, have also targeted another zero-day.
The other zero-day, tracked as CVE-2021-33742, is apparently a remote code execution bug within Windows MSHTML and affects supported versions of the Windows OS.
To the unaware, MSHTML was introduced in Microsoft Internet Explorer 4.0. and it is the main HTML component of the Windows Internet Explorer browser which can also be used in other applications. It hosts Microsoft ActiveX Controls and supports the OLE Control ’96 (OC96) specification for windowless controls.
This particular zero-day was patched in the latest Microsoft Patch Tuesday.
Critical bugs in Chrome:
The Google Chrome update also addresses 14 other security vulnerabilities in the browser, out of which, nine of the vulnerabilities were contributed a fix for by external security research, as Google specifically lists.
Six of these security holes that were addressed were slated as high-severity, two as medium severity, and while one was characterized as having the critical-severity rating.
Users have been recommended to update to the latest Google Chrome Version91.0.4472.101 to patch up the security vulnerabilities along with the zero-day so as to mitigate any security hazards.