Google has once again pushed out an update for its Chrome web browser (opens in new tab) that patches a couple of zero-day vulnerabilities that have publicly available exploits.
The two zero-days, tracked as CVE-2021-37975, and CVE-2021-37976 are in fact part of a total of four security issues addressed in Chrome 94.0.4606.71, three of which were discovered by external security researchers.
“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” note (opens in new tab) the Chrome developer team.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- Here’s our list of the best web browsers (opens in new tab)
- We've put together a list of the best endpoint protection (opens in new tab) software
- These are the best malware removal (opens in new tab) software on the market
The search giant added that Chrome 94.0.4606.71 has begun rolling out to users tuned into the browser’s Stable Desktop channel.
Reporting on the release, BleepingComputer notes that the two fixes in this release bring the total number of zero-days (opens in new tab) fixed in Chrome this year alone, up to thirteen.
While Google has acknowledged the availability of exploits for these two vulnerabilities, it hasn’t shared any details on the exact exploitation mechanism.
However, BleepingComputer opines that use after free vulnerabilities are usually used to escape the browser’s security sandbox, and even perform remote code execution attacks.
In any case, all Chrome users are advised to install the updated release as and when it becomes available.
- Protect your devices with these best antivirus software (opens in new tab)
Via BleepingComputer (opens in new tab)