Google on Thursday pushed out urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company says are being exploited in the wild, making them the fourth and fifth actively exploited zero-days this month alone.
As is generally the case, the tech giant has refrained from sharing further details on how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the fixes, but noted that it is aware that “the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.”
An anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Clément Lecigne of Google Threat Analysis Group, who has also been credited with CVE-2021-37973, another actively exploited vulnerability in Chrome’s Portals API that was reported last week, raising the possibility that the two flaws could have been linked as part of an exploit chain to execute arbitrary code.
With the latest update, Google has addressed a record 14 zero-days in the web browser since the start of the year.
Chrome users are advised to update to the latest version (94.0.4606.71) for Windows, Mac, and Linux by going to Settings > Help > “About Google Chrome” to mitigate any potential risk of active exploitation.