Security News > 2021 > October > Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild.
The internet giant's Threat Analysis Group has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.
"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," the company noted in an advisory without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them.
Also addressed as part of this stable channel update is a use-after-free vulnerability in the Web Transport component, which was demonstrated for the first time at the Tianfu Cup contest held earlier this month in China.
With these patches, Google has resolved a record 16 zero-days in the web browser since the start of the year -.
Chrome users are advised to update to the latest version for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate any potential risk of active exploitation.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-23 | CVE-2021-38003 | Improper Handling of Exceptional Conditions vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-11-23 | CVE-2021-38000 | Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | 6.1 |