Security News > 2021 > September > Google pushes emergency Chrome update to fix two zero-days
Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.
"Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed in the list of security fixes fixed in today's Google Chrome release.
Google has started rolling out Chrome 94.0.4606.71 to users worldwide in the Stable Desktop channel and should be available to all users within the coming days.
To install the update immediately, Google Chrome users can go to Chrome menu > Help > About Google Chrome, and the browser will begin performing the update.
With these two fixes, Google has patched 13 zero-day vulnerabilities in the Chrome web browser since the start of 2021.
As Google is rushing out Chrome updates to fix zero-days as they are reported, it is always critical to install new browser updates as soon as they become available.
News URL
Related news
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37975 | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |