Another zero-day vulnerability in Google Chrome was in the news in mid-July 2021. The Chrome zero-days prior to this one were as follows:
- CVE-2021-21148 – February 4th, 2021
- CVE-2021-21166 – March 2nd, 2021
- CVE-2021-21193 – March 12th, 2021
- CVE-2021-21206 – April 13th, 2021
- CVE-2021-21220 – April 13th, 2021
- CVE-2021-21224 – April 20th, 2021
- CVE-2021-30551 – June 9th, 2021
- CVE-2021-30554 – June 17th, 2021
A remote attacker could exploit the vulnerability by luring a victim into visiting a specially crafted webpage, triggering the type confusion bug and executing arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of the vulnerable system.
Affected versions: Google Chrome prior to 91.0.4472.164.
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux. The update includes 8 security fixes, including a fix for a zero-day that is being exploited in the wild and is tracked as CVE-2021-30563.
One can perform a manual update by going to Settings > Help > About Google Chrome.
Qualys customers can scan their network with QID 375718 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.