Google published urgent security updates for its Chrome browser on Thursday, including fixes for a pair of new security flaws that are being exploited in the wild.
While this Chrome update addresses four security flaws, the two zero-day vulnerabilities are significant because they have been exploited in the wild.
The first zero-day, CVE-2021-37976, was classified as an “Information leak in the core” with a medium severity rating.
CVE-2021-37974, the second high-severity bug Google patched on Thursday, is another use-after-free flaw found in Safe Browsing.
Since the beginning of the year, Google has fixed a total of 14 zero-day vulnerabilities in the web browser with the newest versions that are as follows:
All Google Chrome versions before 94.0.4606.71 are affected.
Google has released the latest version of Chrome, 94.0.4606.71, for Windows, Mac, and Linux. The update addresses two zero-day vulnerabilities that have been exploited by attackers: exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.
One can perform a manual update by going to Settings > Help > About Google Chrome.
Qualys customers can scan their network with QID 375923 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.