GOOGLE has warned about a “zero-day” security flaw in Chrome and urged users to update their browser now.
An anonymous person reported the vulnerability (tracked as CVE-2021-30563) on July 12 as the tech giant issued another warning for its two billion Chrome users.
Google reported the zero-day issue, dubbed “Type Confusion in V8,” in a blog post.
Google’s blog post read: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
“Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.”
Users were urged to update their browser to version 91.0.4472.164.
The update applies to Windows, Mac, and Linux, includes a total of eight security fixes, and is expected to roll out over the coming days and weeks.
The Hindu Business Line noted that this is the eighth zero-day vulnerability found in the Google browser this year.
Because of its popularity, Chrome has been targeted by the hacking group PuzzleMaker.
These cybercriminals have used Chrome’s vulnerabilities to install malware on Windows.
Last month, this forced Microsoft to issue its own urgent warning for Windows users.
The Sun has contacted Google for comment.
The news comes as the company probes a “Russian government-backed actor” after a series of hacking attempts on western European officials via LinkedIn were reported.
The company announced that hackers were taking advantage of so-called “zero-day vulnerabilities” to conduct digital attacks.
“Zero-day vulnerabilities are unknown software flaws. Until they’re identified and fixed, they can be exploited by attackers,” Google said in a blog post.
Google announced that its Threat Analysis Group (TAG) “actively works to detect hacking attempts and influence operations to protect users from digital attacks.”
They do this by hunting for zero-day vulnerabilities “because they can be particularly dangerous when exploited and have a high rate of success.”
Google noted that at least one of the reported cyber attacks was “used by a likely Russian government-backed actor.”
“In this campaign, attackers used LinkedIn Messaging to target government officials from western European countries by sending them malicious links,” the company said.
“If the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next stage payloads.”
Google praised its employees in the conclusion of the blog post.
“We’d be remiss if we did not acknowledge the quick response and patching of these vulnerabilities by the Apple, Google, and Microsoft teams,” the post reads.