Emergency Update for a Zero-Day in Google Chrome (CVE-2021-37973)

Google has issued a new update for its Chrome browser to remediate a zero-day vulnerability that is actively exploited in the wild.

Overview

Google has issued a new update for its Chrome browser to remediate a zero-day vulnerability that is actively exploited in the wild. Chrome for Windows, Mac and Linux should be updated immediately to the most recent version of 94.0.4606.61.

Description

Google has released a new version (94.0.4606.61) of Chrome for Windows, Mac and Linux to patch one zero-day vulnerability. The vulnerability has been assigned the identifier CVE-2021-37973. It is a use-after-free flaw in Portals with a severity rating of “High”. The vulnerability was reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero.

Google has so far shared limited information about CVE-2021-37973, but noted that it is aware that an exploit for this vulnerability exists in the wild.

As a reminder, Google released the previous update (93.0.4577.82) only two weeks ago to patch a total of 11 security vulnerabilities, 2 of which were actively exploited “High” severity zero-days. Further details on the previously disclosed zero-day vulnerabilities are as follows:

Impact

“Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Impact Summary CVE-2021-37973

Category: Use After Free
CVSS 3.1 Base Score: 9.6 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Solution (Update)

To defend against possible attacks due to this zero-day vulnerability, Google Chrome needs to be updated to the stable version 94.0.4606.61.

Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, click More (the three vertical dots) at the top right of the Chrome browser window.

Figure 1: Google Chrome Update Version 94.0.4606.61
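
For a fleet rather than a single browser, the same check can be run over collected version strings. The following is an added example, not part of the original advisory: it compares reported Chrome versions against the fixed build 94.0.4606.61 numerically, since plain string comparison misorders multi-digit fields. The host names and inventory values are constructed, and the function names are hypothetical.

```python
import re

# Fixed stable build named in the advisory for CVE-2021-37973.
FIXED_BUILD = (94, 0, 4606, 61)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one reported version string against the fixed build."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # unparseable: investigate, do not assume patched
    # Tuples compare numerically, field by field. Comparing the raw strings
    # would rank "94.0.4606.100" below "94.0.4606.61" and "100.x" below "94.x".
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Map each host to its classification; inventory is {host: version text}."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical host names, constructed values).
# The strings mimic the "Google Chrome <version>" line printed by
# `google-chrome --version` on Linux.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 94.0.4606.61 ",
    "ws-002": "Google Chrome 93.0.4577.82 ",   # previous update: still exposed
    "ws-003": "Google Chrome 94.0.4606.54 ",   # same milestone, older patch
    "ws-004": "94.0.4606.100",                 # later patch, three-digit field
    "ws-005": "Google Chrome 100.0.4896.60 ",  # three-digit major version
    "ws-006": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be followed up manually rather than counted as patched.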

References to Advisories, Solutions and Tools

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?