Home Cyber Security News Chrome Zero-Day Mayhem Continues – Google Fixed Two More Flaws

Chrome Zero-Day Mayhem Continues – Google Fixed Two More Flaws

by Abeerah Hashim
third Chrome zero-day bug

Heads up, Chrome users! Google has once again rolled out a Chrome browser update addressing two zero-day flaws. So, make sure to update your devices with the latest Chrome 95.0.4638.69 version at the earliest.

Two More Chrome Zero-Day Flaws

Google has recently rolled out another stable release for its Chrome browser for Windows, Mac, and Linux systems. With the latest Chrome 95.0.4638.69 for desktop, the tech giant has fixed seven different high-severity flaws, including two zero-day bugs.

Google hasn’t shared details about the bugs yet. Still, it confirmed the active exploitation of CVE-2021-38000 and CVE-2021-38003 in its advisory.

Regarding the first bug (CVE-2021-38000), Google has described it as an “insufficient validation of untrusted input in Intents”. This bug caught Google’s attention following the report from the Google Threat Analysis Group researchers. Whereas the other bug, CVE-2021-38003, was an “inappropriate implementation in V8” that caught the attention of Google Project Zero and Google TAG researchers.

Alongside these two, the other noteworthy bugs include CVE-2021-37997 – a use after free in Sign-In, and CVE-2021-37998 – a use after free in Garbage Collection. Reporting these vulnerabilities made the researchers earn $10,000 and $7,500, respectively, as bounties.

Previous Month’s Bug Fixes

The report for the latest two zero-day vulnerabilities is the first for October 2021. But these certainly aren’t the first this year. Instead, Google has been tackling this problem since the beginning of 2021, making up to 14 zero-day fixes until now.

Even in September, Google fixed at least five different zero-day vulnerabilities with different browser updates. These include the fix for two zero-days with Chrome 93.0.4577.82, then a single zero-day fix with Chrome 94.0.4606.61 followed by an emergency update Chrome 94.0.4606.71, addressing two more zero-days.

Given how quickly Chrome bugs go under exploit before receiving a fix, all Chrome users should keep their devices updated with the latest browser versions to avoid any threats.

Let us know your thoughts in the comments.

You may also like