Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Cyber Security

Products You May Like

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild.

Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8 JavaScript and WebAssembly engine. The internet giant’s Threat Analysis Group (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” the company noted in an advisory without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them.

Automatic GitHub Backups

Also addressed as part of this stable channel update is a use-after-free vulnerability in the Web Transport component (CVE-2021-38002), which was demonstrated for the first time at the Tianfu Cup contest held earlier this month in China. With these patches, Google has resolved a record 16 zero-days in the web browser since the start of the year —

Chrome users are advised to update to the latest version (95.0.4638.69) for Windows, Mac, and Linux by heading to Settings > Help > ‘About Google Chrome’ to mitigate any potential risk of active exploitation.

Products You May Like

Articles You May Like

Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP
Apple releases iOS 18 public beta for iPhone — Here’s what’s new and how to get it
Competition Commission of India Antitrust Probe Finds Apple Abused Position in Apps Market
Google Pixel 9 Series Including Pixel 9 Pro Fold Leaked Again; Design, Battery, Charging Details Surface Online
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

Leave a Reply

Your email address will not be published. Required fields are marked *