Google has released Chrome 91 security update 91.0.4472.101 for Windows, Mac and Linux with fixes for multiple Critical or High severity vulnerabilities, one of those a zero-day vulnerability CVE-2021-30551 exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of the Chrome security update, Google patched one Critical and seven High severity vulnerabilities in all (CVE highlighted in bold with known exploit in wild):
- Critical CVE-2021-30544: Use after free in BFCache.
- High CVE-2021-30545: Use after free in Extensions.
- High CVE-2021-30546: Use after free in Autofill.
- High CVE-2021-30547: Out of bounds write in ANGLE.
- High CVE-2021-30548: Use after free in Loader.
- High CVE-2021-30549: Use after free in Spell check.
- High CVE-2021-30550: Use after free in Accessibility.
- High CVE-2021-30551: Type Confusion in V8.
Google said it “is aware that an exploit for CVE-2021-30551 exists in the wild.”
The update follows just after Microsoft’s June Patch Tuesday security updates, which included fixes for six zero-day vulnerabilities. One of those addresses an Internet Explorer’s Windows MSHTML Platform remote code execution vulnerability CVE-2021-33742.
- Google releases Chrome security update (91.0.4472.77)
- Chrome security update fixes zero-day (CVE-2021-21224) and 6 other vulnerabilities
- Chrome security update (89.0.4389.90) fixes zero-day exploited in the wild (CVE-2021-21193)
- Microsoft June 2021 Security Updates includes fixes for 6 zero-day vulnerabilities
- Microsoft uncovers NOBELIUM ‘sophisticated email-based attack’