Google has confirmed that a new ‘zero-day’ exploit has been found in Chrome after an anonymous tip-off. Most security flaws are discovered and patched before they get out into the wild, but a zero-day classification means the vulnerability is known to hackers and actively being exploited.
Little is known about the vulnerability CVE-2021-30554 other than it being found in WebGL, a JavaScript API for rendering.
It is standard practice for Google to keep zero-day details to a minimum to buy Chrome users more time to upgrade. If your browser version on Linux, macOS and Windows is listed as 91.0.4472.114 or above you are safe. If not, manually check for updates and restart the browser once the update is ready.
Google also confirmed that three other ‘High’ level threats are patched in this version of Chrome.