Emergency Google Chrome update fixes zero-day exploited in the wild
Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.
The update was available immediately when BleepingComputer manually checked for new updates from the Chrome menu > Help > About Google Chrome.
The zero-day security flaw fixed today was reported the day the first Google Chrome 94 stable release was published, on September 21, by Clément Lecigne from Google TAG, with assistance from Sergei Glazunov and Mark Brand from Google Project Zero.
Even though Google said it detected in-the-wild attacks abusing CVE-2021-37973, the company did not share additional information about these incidents.
Chrome users should have enough time to install the security update to prevent exploitation attempts until more info is available.
CVE-2021-30632 and CVE-2021-30633 - September 13th.
Because these security bugs are all known to have been abused by threat actors in the wild, installing all Google Chrome updates is strongly recommended as soon as they are available.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products: Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30633 | Use After Free vulnerability in multiple products: Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30632 | Out-of-bounds Write vulnerability in multiple products: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |