Google developers have released an updated version of the Chrome browser for Windows, Mac and Linux (91.0.4472.164) that fixes a zero-day vulnerability in V8, the engine responsible for running and interpreting JavaScript.
The vulnerability has been assigned the identifier CVE-2021-30563 and is a type confusion bug. Attackers have reportedly already exploited it, but so far there are no details about how, when and by whom.
The company thanks the anonymous researcher who found the bug and notified the developers of the problem last week.
“A remote attacker could create a special web page, trick the victim into visiting it, trigger a type confusion error, and execute arbitrary code on the target system. Successful exploitation of this vulnerability can lead to a complete compromise of the vulnerable system,” experts warn.
This is far from the first 0-day that Google engineers have fixed this year. Earlier, the developers fixed the following vulnerabilities that were under attack:
- CVE-2021-21148 – fixed in Chrome 88.0.4324.150;
- CVE-2021-21166 – fixed in Chrome 89.0.4389.72;
- CVE-2021-21193 – fixed in Chrome 89.0.4389.90;
- CVE-2021-21220 – fixed in Chrome 89.0.4389.128;
- CVE-2021-21224 – fixed in Chrome 90.0.4430.85;
- CVE-2021-30551 – fixed in Chrome 91.0.4472.101;
- CVE-2021-30554 – fixed in Chrome 91.0.4472.114.