Google has released an emergency Chrome update to fix issues that are being actively exploited.
Google has released an update for the Chrome web browser to fix seven high-severity vulnerabilities in its popular web browser, two of which are being actively exploited in the wild, reads a new report from Bleeping Computer.
“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” said Google as it notified users of the updated release in the Stable channel.
Both of the exploited vulnerabilities were caught by Google researchers: CVE-2021-38000 by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group, and CVE-2021-38003 by Lecigne.
CVE-2021-38000 is a design flaw due to “insufficient validation of untrusted input in Intents”. It was reported by TAG on September 15.
>CVE-2021-38003 — a memory corruption flaw, according to Google Project Zero’s zero-day tracker — is described vaguely as “inappropriate implementation in V8.” V8 is Chrome’s powerful JavaScript engine that Groß hopes to shore up with additional sandboxing protections.
This Chrome release marks the 14th zero-day flaw Google has patched in Chrome this year. The 10th was in mid-September when it patched two zero-days. It patched two more zero-days at the end of September and a further two on Thursday.
