Home Internet Security Google patches 10th Chrome zero-day exploited in the wild this year

Google patches 10th Chrome zero-day exploited in the wild this year

12
0


Google Chrome

Google has launched Chrome 93.0.4577.82 for Home windows, Mac, and Linux to repair eleven safety vulnerabilities, two of them being zero-days exploited within the wild.

“Google is conscious that exploits for CVE-2021-30632 and CVE-2021-30633 exist within the wild,” the corporate revealed within the launch notes for the brand new Chrome model.

The replace is presently rolling out worldwide within the Secure desktop channel, and Google states it’ll grow to be obtainable to everybody over the subsequent few days.

The replace was obtainable instantly when BleepingComputer carried out a handbook examine for brand spanking new updates (Chrome menu Assist About Google Chrome).

Google Chrome may even routinely examine for brand spanking new updates the subsequent time you restart the browser.

Tenth zero-day fastened in 2021

The 2 zero-day vulnerabilities fastened as we speak have been disclosed to Google on September eighth, 2021, and are each reminiscence bugs.

The CVE-2021-30632 is an out-of-bounds write within the V8 JavaScript engine, and the CVE-2021-30633 bug is a use-after-free bug within the Listed DB API. 

Whereas these bugs typically result in browser crashes, risk actors can generally exploit them to carry out distant code execution, sandbox escapes, and different malicious conduct.

Whereas Google has disclosed that each bugs have been exploited within the wild, they haven’t shared additional data concerning the assaults.

With these two vulnerabilities, Google has now patched a complete of ten zero-day vulnerabilities in Chrome in 2021.

Different vulnerabilities fastened this yr are:

As these vulnerabilities are recognized to have been exploited within the wild, it’s strongly suggested that every one Google Chrome replace to the newest model instantly.



Source link