A Google Chrome Zero-Day Security Flaw Is Under Active Attack, Update ASAP
This entry was posted on June 11, 2021.
Most of the details of the actively exploited attack vector remain a secret. It is normal for Google to restrict access to bug details (and associated links with more information about them) until a majority of Chrome users are patched and no longer vulnerable. That is the situation with CVE-2021-30551.
"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed," Google explains.
Another member of the Threat Analysis Group, Shane Huntley, stated on Twitter that the "in-the-wild vulnerability CVE-2021-30551 patched today was also from the same actor" who leveraged CVE-2021-33742, a remote code execution vulnerability that Microsoft recently patched in various Windows builds.
How To Patch Chrome's Zero-Day Vulnerability That Is Actively Being Attacked
You will then have the option to apply an update, if one is available. At the time of this writing, the latest Chrome build (and the one that is patched against the zero-day exploit) is 91.0.4472.101.
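For anyone checking more than one machine, the following added example (not part of the original article) compares reported Chrome version strings against the patched build 91.0.4472.101 named above. The host names and inventory entries are constructed sample data, and the comparison assumes that any build numbered at or above the patched one carries the fix.

```python
import re

# Patched build named in the article.
PATCHED_BUILD = (91, 0, 4472, 101)

# Finds a four-part build number inside strings such as
# "Google Chrome 91.0.4472.77".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the build as a 4-tuple of ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text):
    """True if at or above the patched build, False if older, None if unreadable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so .9 sorts below .101.
    return version >= PATCHED_BUILD


def audit(inventory):
    """Sort a {host: version string} mapping into patched/outdated/unknown lists."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        state = is_patched(text)
        key = "unknown" if state is None else ("patched" if state else "outdated")
        result[key].append(host)
    return result


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 91.0.4472.101",
    "ws-02": "Google Chrome 91.0.4472.77",
    "ws-03": "Google Chrome 90.0.4430.212",
    "ws-04": "Google Chrome 91.0.4472.9",    # a plain string compare would get this wrong
    "ws-05": "Google Chrome 91.0.4472.114",  # assumed to include the fix (later build)
    "ws-06": "not installed",                # no build number: reported as unknown
}

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check, since a missing or unreadable version is not evidence that the machine is patched.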