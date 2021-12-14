Audio player loading…

Users of Google Chrome have been told to download and update their software with an emergency patch that fixes a potentially dangerous security flaw.

The company has issued Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability for its web browser that has apparently already been exploited.

"Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild," the company said in a security advisory. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."

Google says the flaw, labelled as CVE-2021-4102, was reported anonymously, and rates its severity as high.

It concerns a “use after free” vulnerability in the Chrome V8 JavaScript engine, which could allow third-parties to hack into the program and execute external code.

The company has also addressed four other security issues in its new release, three of which are also rated as high, and one rated as "critical".

This latter threat, CVE-2021-4098, discovered by Google Project Zero researcher Sergei Glazunov, concerned insufficient data validation in Mojo, a collection of runtime libraries managing Chrome's inter-process communication system.

The update can be installed by restarting your browser.

The news comes shortly after Google announced it had reconfigured the Privacy and Security settings in its latest Chrome beta release in a bid to streamline the ability to delete data stored by websites. The company claims the move will enable users of the web browser to better understand and manage their privacy on the web by providing more clarity on controlling a site’s storage settings.

Via MSPowerUser