Time to update Chrome again: latest update patches two 0-day vulnerabilities
Google released a new security update for the company's Chrome browser on October 28, 2021. The new update patches eight security vulnerabilities in the web browser, two of which are exploited in the wild according to Google.
As is the case with all Chrome releases, these are rolled out over time to the entire browser population. Chrome users should consider updating as soon as possible to fix the vulnerabilities to block any attempt at exploiting the vulnerabilities.
Desktop Chrome users should point their browser toc hrome://settings/help to initiate the update check. The same page is opened by navigating to Chrome Menu > Help > About Google Chrome.
Chrome displays the installed version on the page and runs a check for updates when it is opened. Any new version found is downloaded and installed automatically. All that the user has to do then is to click the relaunch button to complete the installation.
A check on the same page after the update should return the Version 95.0.4638.69 (Official Build).
Chrome users on Android can't enforce the update in the same way. It's distribution is managed by Google Play.
The latest Chrome release for the stable channel patches eight security vulnerabilities in total. All issues reported by external security researches have a severity rating of high, the second-highest rating after critical.
The two vulnerabilities that are exploited in the wild are the following ones:
[$N/A] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
[$TBD] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26
Google revealed no additional details. It is unclear how widespread the attacks are and how they are carried out.
Google patched a total of 15 0-day vulnerabilities in Chrome in 2021 already.
Now You: do you use Google Chrome?Advertisement