Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.
“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google disclosed in the list of security fixes in today’s Google Chrome release.
Google states that the new version may take some time to reach everyone, but Chrome 95.0.4638.69 has already started rolling out to users worldwide in the Stable Desktop channel.
To install the Chrome update immediately, go to Chrome menu > Help > About Google Chrome, and the browser will begin performing the update.
Google Chrome will also check for available updates and install them the next time you launch the web browser.
This Chrome release fixes a total of seven vulnerabilities, with two being zero-days that are known to have been exploited in the wild.
The first zero-day, tracked as CVE-2021-38000, is described as an “Insufficient validation of untrusted input in Intents” and was assigned a High severity level. This vulnerability was discovered by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on September 15th, 2021.
The second zero-day, tracked as CVE-2021-38003, is a High severity “Inappropriate implementation” bug in the Chrome V8 JavaScript engine. This vulnerability was discovered by Lecigne as well and reported on October 24th.
At this time, neither Google nor the researchers have provided further details regarding how threat actors used the vulnerabilities in attacks. However, as Google discovered the vulnerabilities, we may learn more in future reports by Google TAG or Project Zero.
As these two vulnerabilities have been used in attacks, it is suggested that all Chrome users perform a manual upgrade or restart their browser to install the latest version.
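For administrators who need to confirm that machines have actually picked up the fixed build, the following added example (not from the original article) flags hosts whose reported Chrome version is below 95.0.4638.69. It assumes version strings in the form printed by `google-chrome --version`; the host names and inventory values are constructed sample data.

```python
import re

# Fixed build named in the article.
FIXED = (95, 0, 4638, 69)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part version from text like 'Google Chrome 95.0.4638.54'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def needs_update(text, fixed=FIXED):
    """True when the reported version is older than the fixed build.

    Comparing integer tuples avoids the string-comparison trap where
    '95.0.4638.100' sorts before '95.0.4638.69'.
    """
    return parse_version(text) < fixed


def audit(inventory):
    """Return {host: reason} for hosts that are outdated or unparseable."""
    flagged = {}
    for host, reported in inventory.items():
        try:
            if needs_update(reported):
                flagged[host] = reported.strip()
        except ValueError:
            # Treat a missing or malformed version as a finding, not a pass.
            flagged[host] = "unparseable: " + repr(reported)
    return flagged


# Constructed inventory (hypothetical hosts and sample version strings).
SAMPLE = {
    "ws-01": "Google Chrome 95.0.4638.54",
    "ws-02": "Google Chrome 95.0.4638.69",
    "ws-03": "Google Chrome 94.0.4606.81 ",
    "ws-04": "Google Chrome 95.0.4638.100",  # hypothetical later build
    "ws-05": "",
}

if __name__ == "__main__":
    for host, reason in sorted(audit(SAMPLE).items()):
        print(f"{host}: {reason}")
```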
With these fixes, Google has patched 15 Chrome zero-day vulnerabilities since the beginning of 2021.
The other thirteen zero-days patched this year are listed below:
As Google is now pushing out Chrome updates to fix zero-days as they are reported, it is strongly advised that users do not block updates and that they install new versions as they become available.