Days after fixing a zero-day bug, Google has patched two more vulnerabilities in Chrome browser for which active exploits exist. Google has also made more fixes with the latest Chrome 94.0.4606.71 stable release.
Two New Chrome Zero-Day Vulnerabilities
According to its advisory, Google has released an urgent Chrome update addressing multiple security flaws.
One of these includes a high-severity use after free flaw in the Safe browsing feature (CVE-2021-37974). Google has rewarded the researcher Weipeng Jiang with a bounty of $20,000 for reporting the bug.
Besides, the other two fixes address zero-day vulnerabilities.
One of these, CVE-2021-37975, is a high-severity use after free vulnerability in the V8 component. The tech giant hasn’t named the researcher who reported this bug.
Whereas the other bug, CVE-2021-37976, is a medium severity “information leak in core”.
Google has not shared details about these vulnerabilities, as is the norm with its security fixes. However, the tech giant confirmed the active exploitation of the latter two flaws.
Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.
Bunch Of Zero-Days Fixed In September
These fixes add to the plethora of zero-day vulnerabilities that Google patched in the same month.
First, in early September, Google released fixes for two zero-day vulnerabilities along with other security bugs. The tech giant confirmed the existence of exploits for the two flaws CVE-2021-30632 and CVE-2021-30633.
Soon after, the firm had to release patches for another zero-day, CVE-2021-37973, for which Google confirmed exploitation in the wild.
And then, days after, it released this emergency Chrome update 94.0.4606.71 for desktop users addressing the above-referred vulnerability.
All of these zero-day fixes are in addition to loads of other security bugs in the browser.
These recurrent patches emphasize the importance of running the latest Chrome browser versions as the criminal hackers never miss a chance to exploit the bugs.
Therefore, all Chrome desktop (Windows, Mac, and Linux) users should update their browsers at the earliest to receive the patches.
Also, besides Chrome, users shouldn’t miss out on updating all other apps running on their devices to receive any patches.
Let us know your thoughts in the comments.