Google Patches More Under-Attack Chrome Zero-days

Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.

The latest confirmation of this appears today with a new Chrome point-update to patch a pair of security vulnerabilities affecting Windows, macOS and Linux users. Google said it was aware of reports that both of these vulnerabilities, CVE-2021-21206 and CVE-2021-21220, are being exploited in the wild.

As has become normal, Google did not provide any other details on the attacks or provide any IOCs to help organizations find signs of infection.

The company confirmed that one of the bugs — described as “insufficient validation of untrusted input in V8 for x86_64” — was part of an exploit chain demonstrated at last week’s Pwn2Own marketing contest.

The second under-attack bug is currently documented simply as a use-after-free memory corruption vulnerability in Blink, the rendering engine used in Chrome. Google said the bug was reported anonymously.

So far in 2021, Google has rushed out fixes for at least three separate in-the-wild zero-day attacks.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
