This update addresses vulnerabilities that an attacker could exploit to take control of an unpatched system. Google is aware that exploits of CVE-2021-30551 and CVE-2021-30554 exist in the wild.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is highlighting this reporting to ensure Australian individuals and organisations are informed about the current global threat environment, and are equipped to take proactive measures to improve your organisation’s cyber security posture.
ASD’s ACSC encourages users and administrators to review the Chrome Release Note and apply the necessary updates. ASD’s ACSC encourages partners to report any sightings to asd.assist@defence.gov.au
Additional Advice for home users:
To mitigate this threat, Chrome users can go to Settings > Help > About Google Chrome. If your browser version on Linux, macOS and Windows is listed as 91.0.4472.114 or above you are secure. If not, manually check for updates and restart the browser.