On Wednesday, Google released version 90.0.4430.85 of the Chrome web browser for Windows, Mac, and Linux. This version contains fixes for seven vulnerabilities, including a zero-day vulnerability that was exploited in the wild.
The zero-day was assigned the identifier CVE-2021-21224 and was described as a “type confusion in V8”.
In an advisory penned by Google’s technical program manager Srinivas Sista, five of the vulnerabilities were described as follows:
- CVE-2021-21222 heap buffer overflow in V8
- CVE-2021-21223 integer overflow in Mojo
- CVE-2021-21225 out of bounds memory access in V8
- CVE-2021-21226 use after free in navigation
- CVE-2021-21224 type confusion in V8
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” he wrote.
Five researchers whose ongoing research work was responsible for the fixes were thanked for their contribution to the advisory.