image
Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser. “Google is aware that an exploit for CVE-2021-30551 exists in the wild,” wrote Chrome technical program manager Prudhvikumar Bommana in a Wednesday post. That exploit is identified as a type confusion bug within Google’s V8 open-source JavaScript and WebAssembly engine. The confusion vulnerability is tied to the browser’s ActionScript Virtual Machine. “Usually, when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,” according to a technical description of the bug. Possible Wider Impact of Exploited Chrome Browser Bug The update coincides with the release of the Android Chrome browser to Chrome 91 (91.0.4472.101), also on Wednesday. While the desktop and mobile versions of the Chrome web browser share the same version number, it is unclear if the updated Android Chrome browser is impacted by the same vulnerabilities. Also unclear is if Microsoft’s Edge browser, based on the Chromium open-source browser codebase (principally developed and maintained by Google), is also impacted. In related news, on Tuesday, Microsoft released a patch for vulnerabilities under active…

Source