Advertisement
Subscribe to our daily newsletter.
Subscribe

Google releases update to fix another zero-day flaw in Chrome browser

Google's jumping on the latest zero-day.

By

Google Chrome Sundar Pichai
Google and Alphabet CEO Sundar Pichai speaks at Google's annual developer conference. (KIMIHIRO HOSHINO/AFP via Getty Images)

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting, Google said.

Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well.

If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems.

VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in the wild.

Advertisement

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the blog states.

The update includes solutions for Windows, Mac and Linux users.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Mongolian guards stand guard in front of the Genghis Khan statue at the Government Palace in Ulaanbaatar on May 21, 2023. The hackers allegedly conducted watering hole attacks on Mongolian government websites.(Photo by LUDOVIC MARIN/AFP via Getty Images)

Google: apparent Russian hackers play copycat to commercial spyware vendors

The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors.
By Tim Starks

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Image of a microphone for a podcast series

Tackling AI-powered threats with zero trust and least privilege access

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Government

Technology

Threats

Geopolitics