Google releases critical security update for Chrome that fixes a 0-day vulnerability

Martin Brinkmann
Dec 14, 2021
Updated • Dec 14, 2021
Google Chrome
|
15

Google released a new security update for its Chrome web browser that is fixing several security vulnerabilities in the browser. One of the security vulnerabilities is exploited in the wild, another received the highest severity rating of critical.

google chrome critical security update december 2021

The update is being pushed out to all Chrome installations worldwide. It may take some time, days or even weeks, before the updates become available through the automatic update feature of the Chrome browser.

Desktop users may run manual checks for updates to protect their browser installations right away.

Select Menu > Help > About Google Chrome, or load chrome://settings/help to open the update page. Chrome displays the installed version, runs a check for updates, and will download and install any new version of the browser that it finds.

The fully updated desktop version is 96.0.4664.110. Android users can't force a manual check of the browser on their devices, as this is exclusively managed by Google Play.

The vulnerabilities

Google lists five vulnerabilities that are fixed by the Chrome update on the official Releases Blog:

  • [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
  • [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
  • [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
  • [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
  • [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

The vulnerability with the ID CVE-2021-4102 is exploited in the wild according to Google. The security issue exploits a user after free in Chrome's JavaScript engine V8. Use after free vulnerabilities can often be exploited to run arbitrary code on target machines. The scope of attacks that exploit the vulnerability has not been revealed by Google.

Chrome users are advised to update their browsers as soon as possible to protect them against potential attacks.

Google released a security update for Chrome 96 just last week. The company has patched 16 Zero-day vulnerabilities in Chrome in 2021. Other Chromium-based browser makers may release security updates for their products as well to address these issues.

Now You: when do you update your browsers and other programs?

Summary
Google releases critical security update for Chrome that fixes a 0-day vulnerability
Article Name
Google releases critical security update for Chrome that fixes a 0-day vulnerability
Description
Google released a new security update for its Chrome web browser that is fixing several security vulnerabilities in the browser. One of the security vulnerabilities is exploited in the wild, another received the highest severity rating of critical.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. susi said on January 3, 2022 at 8:40 pm
    Reply

    Opera is still better, faster than Chrome

  2. Susan said on December 19, 2021 at 5:52 pm
    Reply

    No Chrome anymore. JUST NO!

  3. Susan said on December 19, 2021 at 5:51 pm
    Reply

    Moving to firefox until chrome gets their act together if ever

  4. Susan said on December 19, 2021 at 5:51 pm
    Reply

    chrome is pathetic with their updates. Moving to firefox!

  5. Derek Clements said on December 18, 2021 at 4:40 am
    Reply

    Brave for Android Updated:
    Currently available from Google Play:
    * Brave (Android) version: 1.33.106
    (Chromium version: 96.0.4664.110)

    Unfortunately, at the time of posting this, no update is available (via Google Play) from Kiwi Browser.

  6. common sense computing said on December 15, 2021 at 2:30 am
    Reply

    I’m sure they’re saving some particularly bad zero days for right after manifest v2 is removed from Chrome.

  7. Anonymous said on December 14, 2021 at 1:24 pm
    Reply

    More vulnerabilities,what a year its been for Chrome. Will it get any worse ?

    1. Anonymous said on December 14, 2021 at 5:35 pm
      Reply

      Yes, they are going to need a bigger spreadsheet just for the zero-day in the wild ones
      https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708

      chrome|ium is so insecure, you should avoid it and use Firefox

      1. Iron Heart said on December 14, 2021 at 11:49 pm
        Reply

        @Anonymous

        > chrome|ium is so insecure, you should avoid it and use Firefox

        > Firefox
        > security

        Please choose one, can’t have both:

        https://madaidans-insecurities.github.io/firefox-chromium.html

      2. Unknown person said on December 15, 2021 at 7:38 am
        Reply

        @Iron Heart: and you still promote a Chrom-derived browser

      3. Unknown Peacock said on December 15, 2021 at 8:10 am
        Reply

        And he still cannot think of anything better than obtusely spamming an outdated article, which he does not even understand what is written about.

      4. Anonymous said on December 14, 2021 at 6:37 pm
        Reply

        Half that zero-day are solved! ;)

      5. Anonymous said on December 14, 2021 at 10:15 pm
        Reply

        > Half that zero-day are solved! ;)

        only half? that’s a bit shit

  8. Leopeva64 said on December 14, 2021 at 11:24 am
    Reply

    An interesting news that has to do with Chrome, it looks like Google will replace Chrome’s downloads bar with a bubble and a downloads button on the toolbar (much like how it works in Edge):

    https://redd.it/rfxkfa

    .

  9. Yash said on December 14, 2021 at 7:27 am
    Reply

    I installed Brave after long time on my android – all 200 MB of installation file three days ago. Then an update appeared on Aurora Store yesterday. Now this update again – fair to say there’s no end to this.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.