Google on Wednesday released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The release contains seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
The zero-day, which was assigned the identifier of CVE-2021-21224, was described as a “type confusion in V8”.
In an advisory penned by Chrome technical program manager Srinivas Sista, five vulnerabilities were detailed: CVE-2021-21222 heap buffer overflow in V8, CVE-2021-21223 integer overflow in Mojo, CVE-2021-21225 out of bounds memory access in V8, CVE-2021-21226 use after free in navigation, and CVE-2021-21224 type confusion in V8.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” he wrote.
The advisory thanked five researchers for their contributions and added that its own ongoing security work was responsible for a wide range of fixes.