If you are using Chrome you may have noticed that Google pushed out an update a week ago, but if you, like many, hate relaunching your browser, you may have been staring at the update prompt for some time.
It is, however, a good idea to install the update as soon as possible, as this month’s routine update includes a fix for a flaw which is being actively exploited in the wild.
The update contains fixes for 4 flaws, but it is CVE-2021-30554 that is currently being exploited. CVE-2021-30554 is a flaw in Google’s implementation of WebGL and is a so-called use-after-free bug: the program keeps using memory after it has been freed, which attackers can often turn into the ability to execute arbitrary code. The flaw is the 7th known zero-day exploit for the Chrome browser this year.
The full list of flaws, all rated High, is:
- [$TBD] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15
- [$10000] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01
- [$7500] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
- [$10000] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23
If you have an update pending, or your browser version is lower than 91.0.4472.114, it would be a good idea to go to Settings > About and check for updates.
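For anyone checking more than one machine, the same version test can be scripted. The following is an added example, not part of the original article: it compares reported Chrome versions against 91.0.4472.114 numerically, since plain string comparison misorders builds such as 91.0.4472.77. The host names and the `host,version string` inventory format are constructed for illustration.

```python
import re

# First fixed build, as stated in the article.
FIXED = (91, 0, 4472, 114)

# Chrome versions have four dot-separated numeric parts.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Sort 'host,version string' lines into (needs_update, patched, unparsed)."""
    needs_update, patched, unparsed = [], [], []
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition(",")
        version = parse_version(reported)
        if version is None:
            unparsed.append(host.strip())    # do not assume such hosts are safe
        elif version < FIXED:                # tuple comparison is numeric per part
            needs_update.append(host.strip())
        else:
            patched.append(host.strip())
    return needs_update, patched, unparsed


# Constructed sample inventory (hypothetical hosts). The version strings
# follow the "Google Chrome <version>" form that Chrome's --version prints.
SAMPLE = """\
ws-01,Google Chrome 91.0.4472.77
ws-02,Google Chrome 91.0.4472.114
ws-03,Google Chrome 91.0.4472.106
ws-04,Google Chrome 100.0.4896.60
ws-05,version unknown
"""

if __name__ == "__main__":
    needs_update, patched, unparsed = audit(SAMPLE)
    print("needs update:", needs_update)
    print("patched:     ", patched)
    print("unparsed:    ", unparsed)
```

Hosts whose version cannot be parsed are reported separately so they can be checked by hand.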