Google Emergency Update Fixes Two Chrome Zero Days
Google has pushed out an emergency Chrome update to fix yet another pair of zero days - the second pair this month - that are being exploited in the wild.
On Thursday evening, the web Goliath released the Chrome 94.0.4606.71 stable channel release for Windows, Mac and Linux to fix the two zero-days, which were included in an update with a total of four security fixes.
"Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed with the release of the browser fixes.
Just as it did with the pair of zero days that were being exploited in the wild earlier this month, Google is keeping technical details close to the vest, at least until most users have had a chance to plug in the update.
The earlier pair of zero days Google addressed this month in a Sept. 13 update, CVE-2021-30632 and CVE-2021-30633, were likewise being actively exploited in the wild.
If an attacker has managed to get the memory address, the actor "can gain access to the free memory list, and insert malicious software into free memory," Nayyar continued.
News URL
https://threatpost.com/google-emergency-update-chrome-zero-days/175266/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37975 | Use After Free vulnerability in multiple products: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-10-08 | CVE-2021-30633 | Use After Free vulnerability in multiple products: Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-10-08 | CVE-2021-30632 | Out-of-bounds Write vulnerability in multiple products: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |