Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Google on Thursday rolled out an unexpected emergency update for its Chrome web browser, including fixes for two zero-working day vulnerabilities that it suggests are remaining actively exploited in the wild.

Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input in a element known as Intents as nicely as a case of inappropriate implementation in V8 JavaScript and WebAssembly engine. The web giant’s Menace Investigation Team (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and Oct 26, 2021, respectively.

“Google is informed that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” the company noted in an advisory devoid of delving into specialized details about how the two vulnerabilities ended up applied in attacks or the threat actors that could have weaponized them.

Automatic GitHub Backups

Also resolved as element of this steady channel update is a use-soon after-free vulnerability in the Net Transportation element (CVE-2021-38002), which was shown for the very first time at the Tianfu Cup contest held previously this thirty day period in China. With these patches, Google has settled a record 16 zero-days in the web browser due to the fact the start of the year —

Chrome customers are recommended to update to the most recent edition (95..4638.69) for Windows, Mac, and Linux by heading to Configurations > Assistance > ‘About Google Chrome’ to mitigate any potential chance of active exploitation.

Fibo Quantum