Google Releases Critical Security Update For Chrome That Fixes A 0-Day Vulnerability

Google has released a new security update for its Chrome web browser that is fixing several security vulnerabilities in the browser. One of the security vulnerabilities is exploited in the wild, another received the highest severity rating of critical.

The update will be sent to all Chrome installations worldwide. It may take some time, days or even weeks, before the updates are available through the automatic update feature of the Chrome browser.

Desktop users can perform manual update checks to protect their browser installations right away.

Select Menu> Help> About Google Chrome, or load chrome: // settings / help to open the update page. Chrome displays the installed version, checks for updates, and will download and install any new version of the browser it finds.

The fully updated desktop version is 96.0.4664.110. Android users cannot force a manual browser check on their devices as this is exclusively managed by Google Play.

Vulnerabilities

Google lists five vulnerabilities that are fixed with the Chrome update on the Official Release Blog:

• [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
• [$5000][1270658] High CVE-2021-4099: Use after free at Swiftshader. Reported by Aki Helin from Solita on 2021-11-16
• [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin from Solita on 2021-11-19
• [$TBD][1262080] High CVE-2021-4101: Stack buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
• [$TBD][1278387] High CVE-2021-4102: Use after free on V8. Reported by Anonymous on 2021-12-09

The vulnerability with the ID CVE-2021-4102 is exploited in the wild according to Google. The security issue exploits a user after free on Chrome’s V8 JavaScript engine. Post-use of free vulnerabilities can often be exploited to run arbitrary code on target machines. Google has not disclosed the extent of the attacks that exploit the vulnerability.

Chrome users are advised to update their browsers as soon as possible to protect against potential attacks.

Google released a security update for Chrome 96 last week. The company has patched 16 zero-day vulnerabilities in Chrome in 2021. Other Chromium-based browser manufacturers may release security updates for their products as well to address these issues.

Now you: When do you update your browsers and other programs?

advertising