Connect with us

Hi, what are you looking for?



Google Confirms Sixth Zero-Day Chrome Attack in 2021

Google’s ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn’t going away anytime soon.

Google’s ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn’t going away anytime soon.

For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says is already being exploited by malicious hackers.

“Google is aware that an exploit for CVE-2021-30554 exists in the wild,” the company said in an advisory posted on Thursday.  It refers to a use-after-free vulnerability in WebGL, the JavaScript API used to render graphics without browser plugins.

[ Related: Chrome Hit in Another Mysterious Zero-Day Attack ]

Google rated the flaw as “high-risk” and has started pushing the latest patch to users via the browser’s automatic-updating mechanism.  

Google did not provide any additional details on the attacks, except to say it was reported anonymously two days ago, on June 15, 2021.

The latest Chrome version 91.0.4472.114 is available for Microsoft Windows, Apple macOS and Linux users.

Advertisement. Scroll to continue reading.

In addition to the zero-day being exploited, Google also patched three separate memory corruption vulnerabilities in WebAudio, TabGroups and Sharing.

It’s been a record year for zero-day attacks with Google patching six such bugs in the Chrome browser.  In all, zero-day trackers have documented a total of 47 in-the-wild attacks targeting software flaws unknown even to the vendor.

Related: Google Chrome Zero-Day Under Attack, Again

Related: Inside an Iranian Domestic Cyber-Surveillance Operation

Related: Google Chrome Hit in Another Mysterious Zero-Day Attack

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.