The zero-day is tracked as CVE-2021-21224, and exploits for it exist in the wild. You should check whether you are running the latest version of Google Chrome.
“The Stable channel has been updated to 90.0.4430.85 for Windows, Mac and Linux which will roll out over the coming days/weeks,” the company said in a blog post.
More about CVE-2021-21224 Zero-Day
According to security researcher Lei Cao, the vulnerability is triggered by performing integer data type conversion. This creates an out-of-bounds condition that could cause arbitrary memory read/write primitive.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the company added. A proof-of-concept code for the vulnerability was released mid-April by a researcher known as frust, following a fix in the V8 source code. The patch wasn’t added to the Chromium codebase, making Chromium-based browsers Chrome, Edge, Vivaldi, Opera, and Brave vulnerable.
These updates come shortly after Google released patches for two other vulnerabilities, CVE-2021-21206 and CVE-2021-21220. The second vulnerability was demonstrated during Pwn2Own 2021 earlier this month by Dataflow Security’s researchers Bruno Keith and Niklas Baumstark. The two researchers won $100,000 from the hacking contest for successfully exploiting the vulnerability to run malicious code within Chrome and Edge browsers.