Google’s ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn’t going away anytime soon.
For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says is already being exploited by malicious hackers.
“Google is aware that an exploit for CVE-2021-30554 exists in the wild,” the company said in an advisory posted on Thursday. It refers to a use-after-free vulnerability in WebGL, the JavaScript API used to render graphics without browser plugins.
[ Related: Chrome Hit in Another Mysterious Zero-Day Attack ]
Google rated the flaw as “high-risk” and has started pushing the latest patch to users via the browser’s automatic-updating mechanism.
Google did not provide any additional details on the attacks, except to say it was reported anonymously two days ago, on June 15, 2021.
The latest Chrome version 91.0.4472.114 is available for Microsoft Windows, Apple macOS and Linux users.
In addition to the zero-day being exploited, Google also patched three separate memory corruption vulnerabilities in WebAudio, TabGroups and Sharing.
It’s been a record year for zero-day attacks with Google patching six such bugs in the Chrome browser. In all, zero-day trackers have documented a total of 47 in-the-wild attacks targeting software flaws unknown even to the vendor.
Related: Google Chrome Zero-Day Under Attack, Again
Related: Inside an Iranian Domestic Cyber-Surveillance Operation
Related: Google Chrome Hit in Another Mysterious Zero-Day Attack

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product
- Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
- CISA Unveils New HBOM Framework to Track Hardware Components
- Gem Security Lands $23 Million Series A Funding
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
- CrowdStrike to Acquire Application Intelligence Startup Bionic
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
