
A zero-day Google Chrome security flaw requires you to update now

Google released an update to its Chrome browser for Windows and Mac users, and the internet giant strongly recommends that users apply the update as soon as possible. The update contains 14 security fixes — including a zero-day security flaw — that if left unchecked would leave the system vulnerable to attacks. Google categorized these fixes as critical, high, and medium importance.

Windows and Mac users who surf the internet with the Chrome browser will want to make sure that they’re on version 91.0.4472.101. To check that you’re on the latest build of Chrome, launch your browser and then click on the three dots stacked vertically at the top right. Navigate to Settings, and then click About Chrome. From there, you’ll be able to view the Chrome version number, and you can update the browser if it wasn’t automatically updated in the background.
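For anyone checking more than one machine, the same version check can be scripted. The sketch below is an added example, not something from Google or the original article: it compares reported Chrome version strings against 91.0.4472.101 part by part as integers. The host names and the inventory strings are constructed sample data.

```python
import re

# Fixed build named in the article for Windows and Mac.
PATCHED = "91.0.4472.101"

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(reported, minimum=PATCHED):
    """True if reported is at or above minimum, compared part by part as integers."""
    got = parse_version(reported)
    if got is None:
        raise ValueError(f"no four-part version in {reported!r}")
    return got >= parse_version(minimum)


def audit(inventory):
    """Map each host to 'ok', 'update', or 'unknown' (unparseable version)."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "ok" if is_patched(reported) else "update"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory: host names and version strings are made up for the example.
SAMPLE = {
    "ws-01": "Google Chrome 91.0.4472.101",
    "ws-02": "Google Chrome 91.0.4472.77",
    "ws-03": "90.0.4430.212",
    "ws-04": "Google Chrome 92.0.4515.51 beta",
    "ws-05": "version not reported",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
    # A plain string comparison gets ws-02 wrong: "77" sorts after "101".
    print("91.0.4472.77" >= PATCHED)
```

The integer comparison matters for this particular release: compared as text, a build ending in .77 looks newer than one ending in .101, so a naive check would report an unpatched browser as current.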

If you don’t immediately update your browser, Google should be pushing out the update to users in the coming days or weeks, the company stated on its blog.

One of the security vulnerabilities that was listed — CVE-2021-30551 — is related to a flaw in Windows 10 that Microsoft had recently patched with its newest OS update.

“Chrome in-the-wild vulnerability CVE-2021-30551 patched today was also from the same actor and targeting,” Google Director of Software Engineering Shane Huntley wrote in a Twitter post, indicating that the attackers who exploited that vulnerability also took advantage of CVE-2021-33742. In its release notes for the latest Chrome update, Google described CVE-2021-30551 as a “type confusion in V8,” which was reported by Clement Lecigne of Google’s Threat Analysis Group and Sergei Glazunov of Google Project Zero.

The vulnerability was initially discovered on June 4, Google stated, noting that the company “is aware that an exploit for CVE-2021-30551 exists in the wild.” Chrome relies on the V8 JavaScript engine, which is also used by competing browsers based on the Chromium project, including Microsoft’s Edge.

Even if you’re not on Google Chrome, you’ll want to ensure that you’re running the latest release from the browser of your choice. Most browsers that use Chromium for rendering will also list the Chromium version number, and users should diligently check to see if a patch is available for their browser of choice. If you’re using Microsoft Edge, for example, you’ll want to launch your browser, and navigate to the About page. There, you’ll find the browser version number along with an option to update to the latest version if you’re not on the most current release. Similar procedures can be followed for Opera, Brave, and others that are based on Chromium.

According to Bleeping Computer, this is the sixth zero-day exploit for Chrome in 2021.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…