ADVERTISEMENT

Google Chrome: emergency update to patch zero-day vulnerability has been released

Days after the release of Chrome 94 to the Stable channel, comes another update for Google's Chrome web browser. Chrome 94.0.4606.61 is available for the desktop operating systems Linux, Mac and Windows. The update patches a security vulnerability in the client that is exploited actively in the wild.

Chrome users who run desktop versions of the web browser will get the update in the coming days and weeks. Load chrome://settings/help to check the installed version and run a manual check for updates. Chrome will pick up the latest version and install it immediately, which patches the security issues.

google chrome 94.0.4606.61 security patch

CVE-2021-37973 : Use after free in Portals, is rated as high by Google. High is the second highest rating after critical. Google does not reveal additional information about the vulnerability, other than that it is aware that an exploit "exists in the wild". Portals are designed to improve transitions between webpages, and Google hopes that these will replace iframes eventually on the Web.

ADVERTISEMENT

The patch was not included in this week's main update for the Stable channel of the browser, because it was reported on the day the update was released.

Considering that the issue is exploited actively already, Google advises customers to upgrade their versions of Chrome to the latest patched version as soon as possible.

It is unclear at this point if other browsers that are based on Chromium are also affected by the security issue.

Chrome 94 was released earlier this week. The browser patched 19 different security issues, several of which with the high severity rating. Google launched the controversial Idle Detection API in Chrome 94 which websites may use to detect whether users are idle. Users need to give explicit permission before sites may access the information.

Mozilla and Apple announced earlier that they won't implement the API in Firefox and Safari, because of its abuse potential.

Google's official post about the new release is found on the official Chrome Releases website.

Now You: when do you update your browsers?

Summary
Google Chrome: emergency update to patch zero-day vulnerability has been released
Article Name
Google Chrome: emergency update to patch zero-day vulnerability has been released
Description
Google released a security update for its Chrome web browser, which patches a new zero-day vulnerability in the browser that is exploited in the wild.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. karl said on September 25, 2021 at 9:47 am
    Reply

    wow, yet another in-the-wild exploit patched this year – they already patched 8 critical use-after-free ones. what a pig of a browser, so insecure – you’re better off using webkit or gecko, not just for privacy it seems

    1. Iron Heart said on September 25, 2021 at 4:30 pm
      Reply

      @karl

      > so insecure – you’re better off using webkit or gecko

      Good joke.

      https://madaidans-insecurities.github.io/firefox-chromium.html

      > not just for privacy it seems

      Not even for privacy.

      https://www.ghacks.net/2020/02/25/study-finds-brave-to-be-the-most-private-browser/

      1. Yash said on September 25, 2021 at 11:18 pm
        Reply

        Let’s inspect this joke of a comment –

        “Good joke.

        https://madaidans-insecurities.github.io/firefox-chromium.html
        Funny madainwhatever link has been shared. So let’s see if this site is credible. In this link – ‘https://madaidans-insecurities.github.io/security-privacy-advice.html’ Here’s what author has to say – ‘The desktop security model is very broken. It was not designed with security in mind — security was only a poorly implemented afterthought. However, there are some operating systems that are less bad in this regard. If you can, stay away from desktop and stick to mobile devices.’

        These quotes are funny but not credible. So let’s examine the link shared in that paragraph – ‘https://blog.cryptographyengineering.com/2017/03/05/secure-computing-for-journalists/’ Actually the author wrote an article so bad that one reader wrote a good comment questioning the integrity of the article. Article recommends iOS which is very funny. It is from 2017. Fast forward to today, we all know a spyware named Pegasus – last week gHacks wrote an article about Apple measures which confirms huge security hole and spyware news was everywhere weeks ago – Funny a security researcher didn’t keep himself up-to-date.
        Second link in madainwhatever’s highlighted quotes refers to same website, hilarious if you ask me. So let’s see what’s been written there – ‘Use airplane mode and/or take out your SIM card as much as possible to prevent cell tower triangulation.’
        See security expert suggesting to stick to mobile devices and to keep SIM Card out of mobile phone, but then I suppose there are many desktop system that have same problem as well, only in them SIM Card can’t be removed.

        And that’s just a start. Whole madainwhatver website is filled with false claims about many things including Firefox and no real world incidents have been shared. I can put more laughable quotes here but then let the security researcher be at peace. The quotes shared above are enough to conclude – that website is trash, and certainly not the one to draw conclusion on whether Firefox is bad in terms of security compared to Chromium.

      2. Iron Heart said on September 26, 2021 at 8:48 am
        Reply

        @Yash

        First things first, there is no need for you to troll under every single one of my posts. Has it ever occurred to you that I don’t write these only for some troll folk like you to reply? Spread the message far and wide, and tell your troll friends especially, that there is no point in replying to me if you have no argument to make.

        Secondly and more importantly, even before I started reading your comment, I already knew that you would fail to address any of the points madaidan raises in his Firefox vs. Chromium article. Wasn’t disappointed. You just nitpick some other articles of his, desperately searching for any point you can address with your limited knowledge.

        Listen, Yash, you seem to think that you are much more competent than madaidan is, so then it should be no problem for you to address every. single. one. of his points made in the Firefox vs. Chromium article. Can’t wait for your extensive wrecking of madaidan. Good luck.

      3. Yash said on September 26, 2021 at 10:42 am
        Reply

        1. “First things….. make.”

        2. “Secondly and more….. luck.”

        1. Questions were raised about madainwhatever website. Since those are true, you reverted to saying troll and what not. So please continue deflecting the main point. Plus this is a public forum, not everything is trash late night show hosted by Iron Heart, so when you shared a trash site, and I highlighted some laughable quotes, then it would be better if you can justify them or maybe continue on your initial point. If you can’t as you showed, then don’t get embarassed saying stupid things coz then it confirms you’re a troll.

        2. Again you missed the main point. In madainwhatever’s article about Firefox he complained about sandboxes and yet not even once did he shared any real world incidents. As I’ve already showed in my previous comment madainwhatever is a trash guy. For someone who claims to be a security expert, he’s not up-to-date about current issues, heck he’s not even up-to-date about what security issues are in the first place. In Firefox article he complained about sandboxes and in another article he said Android is superior because of sandboxes. And yet there is a spyware which even made Daniel Micay to write – Sandboxes are not enough.
        If Firefox would’ve been insecure then there would’ve been a discovery of string of vulnerabilities exploited in the wild related to claims made by madainwhatever, but none of that has happened. The issues that are currently fixed in Firefox have nothing to do with Madainwhatever’s claims. So yeah I have to prove madainwhatever guy wrong, but the question is – for what? All the things he wrote had no real world value. To prove it otherwise, why don’t you share some incidents which will justify madainwhatever’s claims?

        Good luck mentioning even one.

    2. MdN said on September 25, 2021 at 4:54 pm
      Reply

      “Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty” – a headline on Ars Technica.
      Google, love or hate or indifferrence them, patches things when they become aware of flaws. If the others are silent about those things you don’t know whether they are patching them or ignoring them, like Apple.
      And I’m saying this as a Firefox user.

    3. zerodays said on September 26, 2021 at 7:32 am
      Reply
      1. Iron Heart said on September 26, 2021 at 8:52 am
        Reply

        @zerodays

        So? That’s not bad at all for a software with the complexity of an operating system.

        Firefox has way worse security standards to begin with (see the article I’ve shared) and has to patch high impact security issues every month as well.

        Your point is as moot as can be.

      2. Anonymous said on September 26, 2021 at 10:25 am
        Reply

        Chrome will always have more exploits and vulnerabilities than Firefox because they are the market leader with the biggest userbase. The hackers or criminals target the biggest browser in use.

      3. zerodays said on September 27, 2021 at 2:51 pm
        Reply

        > Chrome will always have more exploits and vulnerabilities

        Wasn’t always the case, when Firefox lacked multi process. But true, chrome is a bigger target, and that makes it a liability in those terms. At the rate they’re going, it’s starting to turn into the adobe acrobat of browsers

        https://www.schneier.com/blog/archives/2021/09/the-proliferation-of-zero-days.html

      4. Iron Heart said on September 28, 2021 at 12:53 pm
        Reply

        @zerodays

        Firefox had more security issues discovered back then because it was way more relevant back then than it is now. Nobody really cares about Firefox today, it probably has more security issues than Chromium does thanks to worse overall security standards, but not even the hackers care enough to uncover them.

        So if Chromium is the Adobe Acrobat of browsers, then Firefox might as well be Adobe Flash post-abandonment.

      5. lucky duck said on September 30, 2021 at 3:26 am
        Reply

        Yup.

        Anything that uses the infrastructure of the web is vulnerable to attacks and exploits, just like the infrastructure of the real world.

        For example, I consider my house as “secure”, yet if a determined gang wants to burn it to the ground, then that will likely happen.

        In the end, we are like a flock of ducks, hoping we won’t be the next target.

        As for such so-called “patches”, they are in part a public relations tactic, implemented to make us feel safer.

  2. ChromeFan said on September 25, 2021 at 2:58 pm
    Reply

    The day Google wants me to update, I update. People who don’t update are not only at a security risk, but are also a security risk to other. Hello virus, bye bye data.

    Also day 1 patch by Google. Unlike other companies, Google is on top of these things. When you have the BEST browser in existence, it is natural jealous people will try to bring it down to the level of ‘other browsers ‘.

    1. ULBoom said on September 25, 2021 at 3:45 pm
      Reply

      Weird, my ad blocker doesn’t block ads “disguised” as posts.

      1. Nico said on September 26, 2021 at 12:12 pm
        Reply

        At your service:
        http://www.ghacks.net##.comment-item:has-text(ChromeFan)

        * [Editor: removed, please be kind ;)]

      2. Nico said on September 26, 2021 at 1:19 pm
        Reply

        @ULBoom
        My previous post hasn’t passed moderation yet (grrr…),
        but my blocking rule also blocked other posts mentioning him…

        This is better:
        http://www.ghacks.net##.opacity–90.comment-item__header:has-text(ChromeFan):upward(.comment-item)

        Caveat:
        ‘:upward’ only works in uBlock Origin.
        Which b.t.w. might be no longer be developed for Chromium based browsers, when
        Manifest V3 kicks in and Gorhill has to limit the capabilities too much.

        https://github.com/uBlockOrigin/uBlock-issues/issues/338#issuecomment-456179825

        https://github.com/uBlockOrigin/uBlock-issues/issues/338#issuecomment-873602429

  3. ULBoom said on September 25, 2021 at 3:42 pm
    Reply

    Google Man will save the day fixing vulnerabilities before they occur!

    Yay, Google Man busy creating new vulnerabilities day and night!

    Google Man, so amazing, so literally anthropomorphic!

    Huh?

  4. Chromium Woolyss said on September 25, 2021 at 10:54 pm
    Reply

    Now look, I detest Google, but in patching they are useful idiots. It’s very very veeeery bad for business to have a vulnerable browser so they go out of their way to find the leaks and patching them. This benefits Chromium browser, which I use. No ifs or butts about it, Googles patching regime is a good thing for everybody.

  5. ilev said on September 26, 2021 at 7:23 am
    Reply

    Edge Version 94.0.992.31

    * CVE-2021-37973
    * CVE-2021-37956
    * CVE-2021-37957
    * CVE-2021-37958
    * CVE-2021-37959
    * CVE-2021-37960
    * CVE-2021-37961
    * CVE-2021-37962
    * CVE-2021-37963
    * CVE-2021-37964
    * CVE-2021-37965
    * CVE-2021-37966
    * CVE-2021-37967
    * CVE-2021-37968
    * CVE-2021-37969
    * CVE-2021-37970
    * CVE-2021-37971
    * CVE-2021-37972

  6. tamara_4752 said on September 26, 2021 at 10:22 pm
    Reply

    Martin which internet browser do you recommend

    1. Martin Brinkmann said on September 27, 2021 at 6:15 am
      Reply

      I recommend several, e.g. Firefox, Vivaldi, or Brave. It depends on what you need.

      1. tamara_4752 said on September 29, 2021 at 5:19 pm
        Reply

        what do you recommend for ios ?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.