Security News > 2021 > September > Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.
Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous researchers for reporting the bugs on September 8.
As is typically the case, the company said it's "Aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerability was exploited, or the threat actors that may be abusing them.
With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year -.
Chrome users are advised to update to the latest version for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.
News URL
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-30633 | Use After Free vulnerability in multiple products Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30632 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |