Chrome Security Update version 94.0.4606.71 – released 30th September

Chrome browser has released a new security update on 30th September. The latest security update upgrades Chrome to stable version 94.0.4606.71. This update follows another security update for Chrome that was released last week.

The current security update of Chrome, version 94.0.4606.71, fixes 3 different vulnerabilities. Two of these vulnerabilities are being actively exploited to target vulnerable systems. Both vulnerabilities are marked as zero-day vulnerabilities and require immediate remediation by upgrading the stable version of the Chrome browser to version 94.0.4606.71.

The vulnerabilities fixed in the current security update for the Chrome browser are listed below:

  • CVE-2021-37974 – this is a high impact vulnerability. It was first reported on 1st September and fixed as part of the latest security release. Details of the vulnerability have not been published yet. However, Google's security release does mention that the type of vulnerability is ‘Use after Free in safe browsing’. You can read more about the details of the vulnerability on this page. This vulnerability allows a remote attacker to potentially bypass the sandbox on Google through a crafted HTML page. This is a zero-day vulnerability that needs to be patched immediately through an upgrade to Google Chrome 94.0.4606.71.

  • CVE-2021-37975 – this is a high impact vulnerability that was first discovered on 24th September. It is being actively exploited by attackers. Details of the vulnerability are unknown. These are likely to be shared once the fix has been applied through the latest stable version release of Chrome. The vulnerability is of the type ‘Use after free in v8’. This is an RCE-type vulnerability that allows a remote attacker to perform code exploitation through a security loophole. This is also a zero-day vulnerability that needs to be patched immediately through an upgrade to Google Chrome 94.0.4606.71.

  • CVE-2021-37976 – this is a medium impact vulnerability that was first reported on 21 September, and resolved through the update of Chrome to stable version 94.0.4606.71. The type of this vulnerability is ‘Information leak in core’. This means that the vulnerability allows a remote attacker to steal data from the affected system.

The Chrome update version 94.0.4606.71 has been made available for Windows, Mac and Linux. As of October 1st, we expect that the Chrome security update that mitigates these two zero-day vulnerabilities, CVE-2021-37974 and CVE-2021-37975, will be made available in a week’s time.

If you wish to install the latest stable release version of Chrome on your system, please go to the Settings menu in Chrome -> Help -> About Chrome. If your system is not running the latest stable release version, it will be automatically upgraded to version 94.0.4606.71.
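When more than one machine has to be checked, the comparison against 94.0.4606.71 can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, and the host names and version strings are constructed sample data standing in for whatever an inventory tool or the About Chrome page reports.

```python
import re

# Fixed stable version named in the article.
FIXED_VERSION = "94.0.4606.71"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def audit(inventory, fixed=FIXED_VERSION):
    """Map each host to 'patched', 'vulnerable' or 'unknown'.

    Components are compared as integers, so 94.0.4606.9 sorts below
    94.0.4606.71; a plain string comparison would rank it above.
    Unparseable reports are 'unknown', never silently treated as patched.
    """
    fixed_tuple = parse_version(fixed)
    result = {}
    for host, reported in inventory.items():
        version = parse_version(reported)
        if version is None:
            result[host] = "unknown"
        elif version < fixed_tuple:
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 94.0.4606.71 ",
    "ws-02": "Google Chrome 94.0.4606.61",
    "ws-03": "Version 94.0.4606.9 (Official Build) (64-bit)",
    "ws-04": "Google Chrome 95.0.0.0",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```
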