Google closes zero-day vulnerability in Chrome that is actively being abused
Google has updated its Chrome browser with patches for eight vulnerabilities, including a serious zero-day vulnerability that is actively exploited by criminals. The vulnerability is in the JavaScript engine.
Google has updated Chrome to version 91.0.4472.164 to fix the vulnerabilities. It concerns the browser for Windows, Mac and Linux, which is automatically updated after a browser restart.
It concerns eight vulnerabilities, of which the severity of seven is rated as high and that of the remaining ones as medium. Three involve the V8 engine for rendering JavaScript and WebAssembly and the most serious is the July 12 discovered CVE-2021-30563 as it is actively exploited according to Google.
It is a Type Confusion vulnerability, but the company does not yet provide more details. However, Sergei Glazunov of Google Project Zero also discovered a Type Confusion vulnerability in Chrome a month earlier, which is a different vulnerability. Once a majority of users have updated their browser, Google will announce more details, so the company promises.