A new zero-day vulnerability was reported to Google anonymously on June 15, according to Srinivas Sista, Chrome’s technical program manager. The flaw is tracked as CVE-2021-30554 and, according to the information available, Google is aware that an exploit for it exists in the wild.
The high-severity zero-day is a use-after-free flaw in WebGL (Web Graphics Library), a JavaScript API for displaying dynamic 2D and 3D graphics inside the browser.
Successful exploitation of the flaw may corrupt valid data, which, in turn, may cause a crash. Malicious actors may also be able to use the flaw to execute arbitrary commands or malicious code.
Following the report, Google has released a new version of Chrome for Windows, Mac, and Linux that addresses this critical zero-day and three more security flaws.
For security reasons, no additional details of the high-severity vulnerability have been revealed, and it is not clear which threat actor is exploiting it. As per the norm, more information will be published only after the majority of users have updated their browsers with the patch.
CVE-2021-30554 is Google’s ninth zero-day vulnerability fixed since the beginning of the year. A week ago, Google patched another zero-day vulnerability used in active attacks (CVE-2021-30551). Clearly, the company is working actively on making Chrome a safe and reliable browser.
On June 8, Shane Huntley, Director of Google’s Threat Analysis Group, tweeted that he is happy that the company is getting better at detecting active exploits and having the vulnerabilities patched, but he said that he remains concerned about the number of flaws that are being detected on an ongoing basis.
To minimize the risk associated with the CVE-2021-30554 vulnerability, Chrome users should immediately update to the current version (91.0.4472.114) by going to Settings > Help > “About Google Chrome” and installing the available update.