Google Releases Chrome Update Fixing Seven Severe Vulnerabilities

Google has released an emergency Chrome update to fix issues that are being actively exploited.

Google has released an update for its popular Chrome web browser to fix seven high-severity vulnerabilities, two of which are being actively exploited in the wild, according to a new report from Bleeping Computer.

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” said Google as it notified users of the updated release in the Stable channel.

Both of the exploited vulnerabilities were caught by Google researchers: CVE-2021-38000 by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group, and CVE-2021-38003 by Lecigne.

CVE-2021-38000 is a design flaw due to “insufficient validation of untrusted input in Intents”. It was reported by TAG on September 15.

> CVE-2021-38003 — a memory corruption flaw, according to Google Project Zero’s zero-day tracker — is described vaguely as “inappropriate implementation in V8.” V8 is Chrome’s powerful JavaScript engine that Groß hopes to shore up with additional sandboxing protections.

This Chrome release marks the 14th zero-day flaw Google has patched in Chrome this year. The 10th came in mid-September, when it patched two zero-days. It patched two more zero-days at the end of September and a further two on Thursday.
