Google releases critical security update for Chrome that fixes a 0-day vulnerability

Google released a new security update for its Chrome web browser that is fixing several security vulnerabilities in the browser. One of the security vulnerabilities is exploited in the wild, another received the highest severity rating of critical.

The update is being pushed out to all Chrome installations worldwide. It may take some time, days or even weeks, before the updates become available through the automatic update feature of the Chrome browser.

Desktop users may run manual checks for updates to protect their browser installations right away.

Select Menu > Help > About Google Chrome, or load chrome://settings/help to open the update page. Chrome displays the installed version, runs a check for updates, and will download and install any new version of the browser that it finds.

The fully updated desktop version is 96.0.4664.110. Android users can't force a manual check of the browser on their devices, as this is exclusively managed by Google Play.

The vulnerabilities

Google lists five vulnerabilities that are fixed by the Chrome update on the official Releases Blog:

• [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
• [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
• [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
• [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
• [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

The vulnerability with the ID CVE-2021-4102 is exploited in the wild according to Google. The security issue exploits a user after free in Chrome's JavaScript engine V8. Use after free vulnerabilities can often be exploited to run arbitrary code on target machines. The scope of attacks that exploit the vulnerability has not been revealed by Google.

Chrome users are advised to update their browsers as soon as possible to protect them against potential attacks.

Google released a security update for Chrome 96 just last week. The company has patched 16 Zero-day vulnerabilities in Chrome in 2021. Other Chromium-based browser makers may release security updates for their products as well to address these issues.

Now You: when do you update your browsers and other programs?

Thank you for being a Ghacks reader. The post Google releases critical security update for Chrome that fixes a 0-day vulnerability appeared first on gHacks Technology News.