Jump to content
  • Google pushes emergency Chrome update to fix zero-day used in attacks


    Karlston

    • 456 views
    • 3 minutes
     Share


    • 456 views
    • 3 minutes

    Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild.

     

    "Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild," the browser vendor said in today's security advisory.

     

    Although the company says this update may take some time to reach all users, the update has already begun rolling out Chrome 96.0.4664.110 worldwide in the Stable Desktop channel. 

     

    The update was available immediately when BleepingComputer checked for new updates from Chrome menu > Help > About Google Chrome. The browser will also auto-check for recent updates and update itself automatically after the next launch.

     

    Google_Chrome_96_update.jpg

    Google Chrome 96 update

    Zero-day exploitation details not revealed

    The zero-day bug fixed today, tracked as CVE-2021-4102, was reported by an anonymous security researcher and is a use after free weakness in the Chrome V8 JavaScript engine.

     

    Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox.

     

    While Google said it detected in the wild attacks abusing this zero-day, it did not share additional info regarding these incidents.

     

    "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added.

     

    "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

     

    Until the browser vendor releases additional details regarding this bug's in the wild exploitation, users should have enough time to upgrade Chrome and prevent exploitation attempts.

    Sixteenth Chome zero-day fixed this year

    With this update, Google has addressed 16 Chrome zero-day vulnerabilities since the start of the year.

     

    The other 15 zero-days patched in 2021 are listed below:

     

     

    Because this zero-day is known to have been used by attackers in the wild, installing today's Google Chrome update is strongly recommended as soon as it's available.

     

     

    Google pushes emergency Chrome update to fix zero-day used in attacks


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...