Google patches 8th Chrome zero-day exploited in the wild this year
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild.
The new Chrome release has started rolling out worldwide to the Stable desktop channel and will become available to all users over the following days.
Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > 'About Google Chrome.'
The zero-day patched on Thursday and reported by Google Project Zero's Sergei Glazunov is described as a type confusion bug in V8, Google's open-source C++-based and high-performance WebAssembly and JavaScript engine.
Even though type confusion weaknesses would generally lead to browser crashes following successful exploitation by reading or writing memory out of the bounds of the buffer, they can also be exploited by threat actors to execute arbitrary code on devices running vulnerable software.
While Google said that it is aware of CVE-2021-30563 in the wild exploitation, it did not share info regarding these attacks to allow the security update to deploy on as many systems as possible before more threat actors start actively abusing.
