Security News > 2021 > September > Google Emergency Update Fixes Two Chrome Zero Days

Google Emergency Update Fixes Two Chrome Zero Days
2021-09-30 22:38

Google has pushed out an emergency Chrome update to fix yet another pair of zero days - the second pair this month - that are being exploited in the wild.

On Thursday evening, the web Goliath released the Chrome 94.0.4606.71 stable channel release for Windows, Mac and Linux to fix the two zero-days, which were included in an update with a total of four security fixes.

"Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed with the release of the browser fixes.

Just as it did with the pair of zero days that were being exploited in the wild earlier this month, Google is keeping technical details close to the vest, at least until most users have had a chance to plug in the update.

The earlier pair of zero days Google addressed this month in a Sept. 13 update, CVE-2021-30632 and CVE-2021-30633, were likewise being actively exploited in the wild.

If an attacker has managed to get the memory address, the actor "Can gain access to the free memory list, and insert malicious software into free memory," Nayyar continued.


News URL

https://threatpost.com/google-emergency-update-chrome-zero-days/175266/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-10-08 CVE-2021-37976 Missing Authorization vulnerability in multiple products
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-862
6.5
2021-10-08 CVE-2021-37975 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2021-10-08 CVE-2021-30633 Use After Free vulnerability in multiple products
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
critical
9.6
2021-10-08 CVE-2021-30632 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 995 4843 2751 1634 10223