Google released a security update for the company’s Google Chrome web browser on September 13, 2021. The update is now available and most Chrome installations should automatically receive it thanks to the built-in update functionality.
Chrome users can check the installed version by selecting Menu> Help> About Google Chrome, or by launching chrome: // settings / help instead. The page displays the installed version and runs a search for updates. If Chrome is not up to date, the latest update will be downloaded and installed. A reboot is required to complete the process.
The latest version at the time of writing is Chrome 93.0.4577.82 stable. Includes security updates.
Google’s official Chrome Release blog post reveals that the update fixed 11 security issues. 9 of the 11 issues are listed on the page and all received a high severity rating, the second highest after critical.
Google specifically mentions the two vulnerabilities CVE-2021-30632 and CVE-2021-30633, as they are exploited in the wild.
Google is aware that the exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.
Google does not provide additional information. The extent of attacks in the wild is unknown, as are other important factors such as how the attacks are carried out and whether users can take other precautions to avoid being attacked.
The two vulnerabilities are the only ones that were submitted anonymously; all other vulnerabilities listed on the page have the reporter listed.
[$TBD][1247763] High CVE-2021-30632: Write out of bounds in V8. Reported by Anonymous on 2021-09-08
[$TBD][1247766] High CVE-2021-30633: Use it after free in the indexed database API. Reported by Anonymous on 2021-09-08
It may take days or weeks for Chrome to update automatically. Desktop users can speed up the update installation by following the instructions at the top of the article. Since it is not clear how serious and far-reaching the attacks are, it is recommended to update Chrome quickly or start using a different browser in the meantime.
advertising