Security News > 2021 > September > Google Emergency Update Fixes Two Chrome Zero Days
Google has pushed out an emergency Chrome update to fix yet another pair of zero days - the second pair this month - that are being exploited in the wild.
On Thursday evening, the web Goliath released the Chrome 94.0.4606.71 stable channel release for Windows, Mac and Linux to fix the two zero-days, which were included in an update with a total of four security fixes.
"Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed with the release of the browser fixes.
Just as it did with the pair of zero days that were being exploited in the wild earlier this month, Google is keeping technical details close to the vest, at least until most users have had a chance to plug in the update.
The earlier pair of zero days Google addressed this month in a Sept. 13 update, CVE-2021-30632 and CVE-2021-30633, were likewise being actively exploited in the wild.
If an attacker has managed to get the memory address, the actor "Can gain access to the free memory list, and insert malicious software into free memory," Nayyar continued.
News URL
https://threatpost.com/google-emergency-update-chrome-zero-days/175266/
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37975 | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-10-08 | CVE-2021-30633 | Use After Free vulnerability in multiple products Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30632 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |