Google is seemingly playing catch-up with threat actors exploiting bugs in old versions of its popular web browser, Chrome, issuing its third urgent upgrade warning in just under a month.
In an advisory, the search engine firm said that it is aware of the issues and is already rolling out a security patch containing the necessary fixes. The patch is being rolled out in the coming days and weeks for Windows, Mac and Linux operating systems.
“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” the firm also said.
“A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system,” said cybersecurity experts monitoring the active security threat.
The exploit was anonymously reported to Google’s security response team. As standard for zero-day bugs, no additional details of the exploit will be shared in an effort to minimise the risk of an attack as Chrome users continue to receive the patch.
The bug is reportedly still being exploited in the wild, making Chrome users who have yet to upgrade vulnerable to an attack. So, if you are using Chrome to browse the web, make sure you are running the latest version.
To check, click on your Chrome’s Hamburger Menu, represented by the three dots, click Help, then click About Google Chrome. From there, you will be able to see what version of Chrome you are running. If your browser version on Linux, Mac, or Windows is 91.0.4472.164 or above, you should be in the clear. If not, manually update your browser and relaunch it once it is done.
Google notes that the updates also squashes six other previously discovered bugs. CVE-2021-30563 marks the eighth zero-bug found in Chrome this year and the third this month. Chrome has been the target of several attacks in the past few months. The most notable of which comes from a group called PuzzleMaker, who managed to successfully install malware on Windows systems by exploiting a Chrome zero-day bug.
The good news is Google’s security team have been consistently releasing patches just days after they learn about a bug. The effectiveness of these patches, however, rely on users actually installing them. So it’s important that you don’t forget to always keep your browsers up to date.