Google patches Chrome Zero-day being exploited in the wild

Google has released an urgent fix for their Chrome browser to desktop users for a recently discovered vulnerability that is being actively exploited.

CVE-2021-30563 is a type confusion bug in V8, Chrome’s Javascript engine. Google has not released more details regarding the bug.

“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” their advisory notes.

The update, which takes the browser to Chrome 91.0.4472.164 for Windows, Mac, and Linux, patches seven other security vulnerabilities in total.

The other bugs fixed include:

• [$7500][1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11
• [$5000][1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31
• [$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12
• [$TBD][1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14
• [$TBD][1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15
• [$TBD][1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12
• [$TBD][1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

Given that the bug is being exploited in the wild, it is recommended that users update their browser by going to Settings > Help > ‘About Google Chrome.’

via BleepingComputer