Google’s Ongoing Struggles With in-the-Wild Zero-Day Attacks

Google

Google’s persistent battles with zero-day assaults against its Chrome browser in the wild aren’t going away anytime soon.

For the sixth time this year, Google has released a Chrome point-update to address code execution flaws that are already being exploited by malevolent hackers, according to the firm.

In a Thursday advisory, Google stated, “Google is aware that an attack for CVE-2021-30554 exists in the wild.” It’s a use-after-free flaw in WebGL, the JavaScript API for rendering graphics without the need for plugins.

The weakness has been classified as “high-risk” by Google, which has begun sending the latest patch to users via the browser’s automatic-update mechanism.

Google provided no other information about the attacks other than the fact that they were reported anonymously two days ago, on June 15, 2021.

Users of Microsoft Windows, Apple macOS, and Linux can download Chrome version 91.0.4472.114.

Google also corrected three other memory corruption vulnerabilities in WebAudio, TabGroups, and Sharing, in addition to the zero-day attack.

There have been a record number of zero-day assaults this year, with Google fixing six of them in its Chrome browser. A total of 47 in-the-wild assaults targeting software weaknesses unknown even to the manufacturer have been disclosed by zero-day trackers.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.