Advertisement
Subscribe to our daily newsletter.
Subscribe

Google releases update to fix another zero-day flaw in Chrome browser

Google's jumping on the latest zero-day.

By

Google Chrome Sundar Pichai
Google and Alphabet CEO Sundar Pichai speaks at Google's annual developer conference. (KIMIHIRO HOSHINO/AFP via Getty Images)

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting, Google said.

Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well.

If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems.

VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in the wild.

Advertisement

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the blog states.

The update includes solutions for Windows, Mac and Linux users.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency Jen Easterly prepares to testify at a House Select Committee on the Chinese Communist Party hearing on Capitol Hill in Washington, DC, on January 31, 2024. (Photo by Julia Nikhinson / AFP)

CISA orders Ivanti devices targeted by Chinese hackers be disconnected

An updated emergency directive includes instructions on how to bring affected devices back online securely.
By AJ Vicens

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

The logo of the podcast Safe Mode

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics