In an official blog post, Google has confirmed that a new ‘zero-day’ exploit has been found in Chrome after an anonymous tip-off. Most security flaws are discovered and patched before they get out into the wild, but a zero-day classification means the vulnerability is known to hackers and actively being exploited.
Little is known about the vulnerability (CVE-2021-30554) other than it being found in WebGL, a JavaScript API for rendering. It is standard practice for Google to keep zero-day details to a minimum to buy Chrome users more time to upgrade. “Google is aware that an exploit for CVE-2021-30554 exists in the wild,” is all Chrome technical program manager Srinivas Sista has said.
To combat this threat, Chrome users should immediately go to Settings > Help > About Google Chrome. If your browser version on Linux, macOS and Windows is listed as 91.0.4472.114 or above you are safe. If not, manually check for updates and restart the browser once the update is ready. Google also confirmed that three other ‘High’ level threats are patched in this version of Chrome.
If you would like assistance to perform the update on your device or to find out if you are affected, please call Wide Bay Computer Services on 07 4125 1661.