Home Technology News Don’t delay updating your Chrome browser or risk being hacked

Don’t delay updating your Chrome browser or risk being hacked

If you are using Chrome you may have noticed that Google has pushed out an update a week ago, but if you, like many, hate relaunching your browser, you may have been staring at the update prompt for some time.

It is however a rather good idea to install the update as soon as possible, as this month’s routine update includes a fix for a flaw which is being actively exploited in the wild.

The update contains fixes for 4 flaws, but it is CVE-2021-30554 which is currently being exploited. CVE-2021-30554 is a flaw in Google’s implementation of WebGL and is a so-called Use after Free bug, which means hackers are able to access memory even after it has been de-allocated to the app, which often leads to the ability to execute arbitrary code. The flaw is the 7th known zero-day exploit for the Chrome browser this year.

The full list of exploits, all rated as High, include:

  • [$TBD][1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15
  • [$10000][1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01
  • [$7500][1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
  • [$10000][1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

If you have an update pending, or your browser version is less than 91.0.4472.114 , it would be a good idea to go to Settings > About and check for updates.

via Chromeunboxed