Google’s Problems With in-the-Wild Chrome Browser Zero-Days


Google’s issues with zero-day exploits in the wild seem to be getting worse by the month.

The latest proof of this comes in the form of a recent Chrome point-update that addresses a pair of security flaws that impact Windows, macOS, and Linux users. Both of these vulnerabilities – CVE-2021-21206 and CVE-2021-21220 – are being exploited in the wild, according to Google.

As has become customary, Google did not include any additional information about the attacks, nor did it include any IOCs to assist organisations in detecting symptoms of infection.

One of the bugs, described as “insufficient validation of untrusted input in V8 for x86_64,” was part of an exploit chain demonstrated at last week’s Pwn2Own marketing contest, according to the company.

The second bug under investigation is currently described only as a use-after-free memory corruption flaw in Blink, Chrome’s rendering engine. The bug was reported anonymously, according to Google.

So far in 2021, Google has rushed out patches for at least three different zero-day attacks that have been discovered in the wild.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.