Time to update Chrome again: latest update fixes two 0-day vulnerabilities
Google released a new security update for the company’s Chrome browser on October 28, 2021. The new update fixes eight security vulnerabilities in the web browser, two of which are exploited in the wild according to Google.
As with all Chrome releases, the update is rolled out over time to the entire user base. Chrome users should update as soon as possible to close the vulnerabilities and block attempts to exploit them.
Desktop Chrome users should point their browser to chrome://settings/help to start the update check. The same page opens via the Chrome menu > Help > About Google Chrome.
Chrome displays the installed version on the page and checks for updates when it opens. Any new version found is downloaded and installed automatically. The user then just has to click on the restart button to complete the installation.
A check on the same page after the update should return version 95.0.4638.69 (official version).
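For more than a handful of desktop machines, the same check can be run over collected version strings. The following is an added example, not part of the original article: the host names and inventory are constructed, and only the fixed build number comes from the text above.

```python
import re

# Fixed stable build named in the article (desktop).
FIXED_BUILD = "95.0.4638.69"

# Matches a four-part Chrome version anywhere in a string, e.g. the output of
# `google-chrome --version` ("Google Chrome 95.0.4638.54").
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(reported, fixed=FIXED_BUILD):
    """True if the reported version is older than the fixed build.

    Unparseable input is treated as needing attention (returns True) so that
    a host with a missing or odd version string is not silently passed.
    """
    current = parse_version(reported)
    if current is None:
        return True
    # Compare as integer tuples; comparing the raw strings would be wrong.
    return current < parse_version(fixed)


def triage(inventory):
    """Map of host -> version string in, sorted list of hosts to follow up on out."""
    return sorted(host for host, ver in inventory.items() if needs_update(ver))


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 95.0.4638.69",
    "ws-02": "Google Chrome 95.0.4638.54",
    "ws-03": "Google Chrome 94.0.4606.81",
    "ws-04": "96.0.4664.45",
    "ws-05": "Google Chrome 95.0.4638.9",  # a string compare would rank this above .69
    "ws-06": "",                            # no version reported
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host] or 'unknown'})")
```
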
Chrome users on Android cannot apply the update the same way. Its distribution is managed by Google Play.
The latest version of Chrome for the stable channel fixes a total of eight security vulnerabilities. All issues reported by external security researchers have a high severity rating, the second highest after critical.
The two vulnerabilities exploited in the wild are:
[$N/A] High CVE-2021-38000: Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta and Maddie Stone of Google Threat Analysis Group on 2021-09-15
[$TBD] High CVE-2021-38003: Inappropriate implementation in V8. Reported by Clément Lecigne of Google TAG and Samuel Groß of Google Project Zero on 2021-10-26
Google did not reveal any additional details. It is not clear how widespread the attacks are and how they are carried out.
Google has already fixed a total of 15 zero-day vulnerabilities in Chrome in 2021.
Now You: are you using Google Chrome?