Latest Google Chrome Update: Fixing Critical Zero-Day Bug Exposed in Cyber Attacks



Google patches new Chrome zero-day bug exploited in attacks

Google has deployed an emergency security update to address a newly discovered zero-day vulnerability in its flagship browser, Chrome, the third such incident reported this year.

This bug, tracked as CVE-2021-30663, is under active exploitation by unknown attackers.

Details of the Bug and Patch

The third Google Chrome zero-day vulnerability of 2021, discovered internally by Google Project Zero, is categorised as a ‘type confusion’ bug in the V8 JavaScript engine.

V8 is Google’s open-source JavaScript and WebAssembly engine built for Chrome and Chrome OS.

The tech giant released Chrome version 91.0.4472.101 for Windows, Mac, and Linux, with the update resolving fourteen vulnerabilities in total, including this actively exploited zero-day bug.

The Exploitation

The cybersecurity community remains in the dark about the specifics of this zero-day exploitation, as Google maintains a policy of limited disclosure until a majority of users have applied the patch.

This policy is intended to protect users who haven’t yet updated their browser by making it harder for other threat actors to leverage this zero-day.

However, Google confirms that an anonymous entity has provided evidence of an exploit for CVE-2021-30663 in the wild.

Security Advice for Users

In light of this development, users are strongly advised to manually check their Chrome versions and promptly install the 91.0.4472.101 update.

This can be done by opening ‘Help’ in the Chrome menu, selecting ‘About Google Chrome’, and applying recommended updates.

Businesses employing Chrome in an enterprise environment should adopt a proactive, rather than reactive, approach towards patch management.

Establishing procedures for regular patch updates and quick responses to emergency patches can considerably strengthen corporate security defenses.
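
For fleets where the manual check above does not scale, the following added example (not part of the original article) classifies hosts against the fixed build 91.0.4472.101. It assumes an inventory of version strings in the form printed by `google-chrome --version`; the host names and sample data are constructed.

```python
import re

# Fixed build named in the article above.
PATCHED = (91, 0, 4472, 101)

# Matches the four-part version in strings such as the output of
# `google-chrome --version` ("Google Chrome 91.0.4472.77").
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory, patched=PATCHED):
    """Classify each host as 'patched', 'outdated' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        version = parse_version(reported)
        if version is None:
            # No parsable version: treat as needing follow-up, not as safe.
            result[host] = "unknown"
        elif version >= patched:
            # Tuple comparison is numeric per component.
            result[host] = "patched"
        else:
            result[host] = "outdated"
    return result


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 91.0.4472.101",
    "ws-002": "Google Chrome 91.0.4472.77",   # sorts above .101 as a string
    "ws-003": "Google Chrome 90.0.4430.212",
    "ws-004": "Google Chrome 92.0.4515.107",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Comparing versions as integer tuples matters here: as plain strings, "91.0.4472.77" sorts after "91.0.4472.101", so a naive string comparison would report the outdated build as patched.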

Previous Zero-Day Exploits in 2021

This latest development follows two previous zero-day attacks on Google Chrome earlier this year – CVE-2021-21166 and CVE-2021-21193, both of which were subsequently patched.

Cybersecurity experts speculate these exploits were connected to the same threat actor, given their similar characteristics.
