After receiving an anonymous tip, Google acknowledged the discovery of new "zero-day" exploits in Chrome in an official blog post. Most security weaknesses are found and addressed before they reach the public, but a zero-day vulnerability is one that hackers are aware of and actively exploiting.
Other than the fact that it was discovered in WebGL, a JavaScript API for graphics, little is known about the vulnerabilities (CVE-2021-30554). Google has a policy of keeping zero-day details to a bare minimum to give Chrome users more time to update. All Chrome technical program manager Srinivas Sista has revealed is that "Google is aware that an attack for CVE-2021-30554 exists in the wild."
Chrome users should go to Settings > Help > About Google Chrome right now to combat this danger. You are safe if your browser version on Linux, macOS, or Windows is 91.0.4472.114 or higher. If not, check for updates manually and restart the browser after the update is complete. According to Google, three more ‘High' level threats have also been fixed in this version of Chrome.
Chrome users should be extremely cautious right now. Last week, Kaspersky notified BleepingComputer that a new group of hackers known as "PuzzleMaker" had succeeded in using Chrome zero-day vulnerability to install malware on Windows systems. Last week, Microsoft sent a security alert to Windows users.
It appears that Chrome hackers are having a busy season right now, so keep vigilant and make sure your browser and operating system are both up to date.
Information source: Forbes
