For the sixth time this year, Google has released a Chrome point-update to address code execution flaws that are already being exploited by malevolent hackers, according to the firm. In a Thursday advisory, Google stated, “Google is aware that an attack for CVE-2021-30554 exists in the wild.” It’s a use-after-free flaw in WebGL, the JavaScript API for rendering graphics without the need for plugins. The weakness has been classified as “high-risk” by Google, which has begun sending the latest patch to users via the browser’s automatic-update mechanism. Google provided no other information about the attacks other than the fact that they were reported anonymously two days ago, on June 15, 2021. Users of Microsoft Windows, Apple macOS, and Linux can download Chrome version 91.0.4472.114. Google also corrected three other memory corruption vulnerabilities in WebAudio, TabGroups, and Sharing, in addition to the zero-day attack. There have been a record number of zero-day assaults this year, with Google fixing six of them in its Chrome browser. A total of 47 in-the-wild assaults targeting software weaknesses unknown even to the manufacturer have been disclosed by zero-day trackers.
