Late Tuesday, Google released another critical security patch for its famous Chrome browser, warning that attackers are actively exploiting one of the zero-day vulnerabilities.
This is the fourth in-the-wild Chrome zero-day discovered in 2021, and security experts are scratching their heads about the lack of IOC details or other concrete knowledge about the attacks.
The latest Chrome update — 90.0.4430.85 — is now available for Windows, Mac, and Linux users via the browser’s automatic update mechanism.
The update fixes seven security flaws, according to Google's Chrome advisory, but the company only provided one-line documentation and CVE IDs for five of them.
The exploited vulnerability is tracked as CVE-2021-21224 and is described simply as a “type confusion” in the V8 Chrome rendering engine. Jose Martinez (tr0y4) of VerSprite Inc. was credited with reporting the vulnerability to Google.
Google said, “Google is aware of reports that exploits for CVE-2021-21224 exist in the wild.”
A heap buffer overflow in V8, an integer overflow bug in Mojo, an out-of-bounds memory access problem in V8, and a use-after-free flaw in Navigation are all fixed by the Chrome update.