Another Chrome emergency update to patch 0-day vulnerabilities is now available
Google released another security update for the company's Google Chrome web browser that brings the version of the browser to 94.0.4606.71. Google Chrome 94.0.4606.71 is a security update that fixes two vulnerabilities that are actively exploited in the wild according to Google. The update is the third update that Google released this month to address 0-day security issues in Google Chrome that are exploited in the wild.
Google is rolling out the update to all Chrome installations, but users may want to speed up the discovery and installation of the update by loading chrome://settings/help in the browser's address bar, or selecting Menu > Help > About Google Chrome from the menu.
Chrome displays the installed version on the page that is loaded and will run a check for updates. Updates that are discovered during the check are downloaded and installed automatically. The new Extended Stable channel has been updated as well.
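For administrators checking many machines rather than one, the same version check can be scripted; the following is an added example, not code from the article or from Google. It assumes an inventory that maps each host to the text printed by the browser's `--version` switch (for example `Google Chrome 94.0.4606.71`); the hostnames and sample builds are constructed.

```python
import re

# Fixed build named in the article; earlier builds lack the fixes.
FIXED_BUILD = (94, 0, 4606, 71)

# Matches a four-part version in text such as "Google Chrome 94.0.4606.71".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory):
    """Split {host: version_output} into outdated, current and unknown hosts."""
    result = {"outdated": [], "current": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        version = parse_version(output)
        if version is None:
            # No version reported: treat as needing manual follow-up.
            result["unknown"].append(host)
        # Tuples compare numerically, so build .100 sorts after .71;
        # comparing the raw strings would get that case wrong.
        elif version < FIXED_BUILD:
            result["outdated"].append(host)
        else:
            result["current"].append(host)
    return result


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "ws-01": "Google Chrome 94.0.4606.70",
    "ws-02": "Google Chrome 94.0.4606.71",
    "ws-03": "Google Chrome 93.0.0.1",
    "ws-04": "Google Chrome 94.0.4606.100",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as unknown returned no parseable version and need a manual check.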
Google published information about the update on the Chrome Releases blog:
- [$20000] High CVE-2021-37974 : Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01
- [$TBD] High CVE-2021-37975 : Use after free in V8. Reported by Anonymous on 2021-09-24
- [$NA] Medium CVE-2021-37976 : Information leak in core. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21
Google notes on the page that it is aware of exploits targeting the vulnerabilities CVE-2021-37975 and CVE-2021-37976.
Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.
Both security issues are rated as high, the second highest severity rating after critical. Google did not provide additional information on the issues, e.g. how they are exploited or how widespread the attacks are.
Google released another emergency security update for Chrome last week, patching another 0-day vulnerability that was actively exploited at the time according to the company. Two additional 0-day security issues were fixed on September 13, both of which were also exploited in the wild.
Chrome users may want to update the browser as soon as possible to secure the system against potential attacks.