Google has released Chrome version 91.0.4472.101 for Windows, Mac and Linux which fixes fourteen vulnerabilities, one of them zero-day that had been used to carry out attacks and that has been identified as CVE-2021-30551.
The update is reaching all browser users and can be forced by accessing from the menu to Help > Information about Google. Although it is likely that the browser, in a reboot, has installed it silently and the corresponding patches are applied.
Exploited by the same people who exploited a vulnerability fixed yesterday by Microsoft
It so happens that another Mountain View employee, the director of Google's Threat Analysis Group, Shane Huntley, has confirmed in a tweet what this zero-day has been used by the same people who exploited the zero-day attack identified as CVE-2021-33742 that Microsoft fixed yesterday.
This problem fixed in Windows 10 with the Patch Tuesday June that solves fifty vulnerabilities. Among them, five of zero-day and one of them is that we are talking about. This problem, classified as critical, affected the Trident HTML engine and could affect different types of applications.
This is the sixth Chrome zero-day attack exploited in attacks during 2021.