Security News > 2021 > September > Emergency Google Chrome update fixes zero-day exploited in the wild
Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.
The update was available immediately when BleepingComputer manually checked for new updates from Chrome menu > Help > About Google Chrome.
The zero-day security flaw fixed today was reported the day the first Google Chrome 94 stable release was published, on September 21, by Clément Lecigne from Google TAG, with assistance from Sergei Glazunov and Mark Brand from Google Project Zero.
Even though Google said it detected in the wild attacks abusing CVE-2021-37973, the company did not share additional info regarding these incidents.
Chrome users should have enough time to install the security update to prevent exploitation attempts until more info is available.
CVE-2021-30632 and CVE-2021-30633 - September 13th. Because these security bugs are all known to have been abused by threat actors in the wild, installing all Google Chrome updates is strongly recommended as soon as they are available.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30633 | Use After Free vulnerability in multiple products Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30632 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |