Google pushes emergency Chrome update to fix two zero-days

Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.
"Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild," Google disclosed in the list of security fixes included in today's Google Chrome release.
Google has started rolling out Chrome 94.0.4606.71 to users worldwide in the Stable Desktop channel, and it should be available to all users within the coming days.
To install the update immediately, Google Chrome users can go to Chrome menu > Help > About Google Chrome, and the browser will begin performing the update.
With these two fixes, Google has patched 13 zero-day vulnerabilities in the Chrome web browser since the start of 2021.
As Google is rushing out Chrome updates to fix zero-days as they are reported, it is always critical to install new browser updates as soon as they become available.
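For administrators who need to confirm the rollout across many machines, the following added example (not part of the original article) classifies reported Chrome versions against the fixed build 94.0.4606.71. The inventory format (`host,version string` per line, such as the output of `google-chrome --version`), the host names, and the sample versions are constructed assumptions.

```python
import re

# Fixed build named in the article; the CVE entries apply to anything below it.
FIXED = (94, 0, 4606, 71)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory (assumed format): "host,reported version string" per line.
SAMPLE = """\
ws-001,Google Chrome 94.0.4606.71
ws-002,Google Chrome 94.0.4606.61
ws-003,Google Chrome 94.0.4606.100
ws-004,Google Chrome 93.0.4577.82
ws-005,
"""

def parse_version(text):
    """Extract a four-part version from free-form text, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per component, so .100 sorts above .71;
    # a plain string comparison would get that case wrong.
    return "patched" if v >= FIXED else "vulnerable"

def audit(inventory):
    """Group hosts by status; hosts with no parsable version are 'unknown'."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, reported = line.partition(",")
        report[classify(reported)].append(host.strip())
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a follow-up rather than being counted as patched, and a browser that has downloaded the update still runs the old build until it is relaunched.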
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products. Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2021-10-08 | CVE-2021-37975 | Use After Free vulnerability in multiple products. Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |