Google has released Chrome 93 security update (93.0.4577.82) with fixes for 2 zero-day vulnerabilities under attack.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The Chrome 93 security update patched 11 vulnerabilities in all, 9 of those rated High severity and discovered by external researchers (bold with active exploits):
- CVE-2021-30625: Use after free in Selection API.
- CVE-2021-30626: Out of bounds memory access in ANGLE.
- CVE-2021-30627: Type Confusion in Blink layout.
- CVE-2021-30628: Stack buffer overflow in ANGLE.
- CVE-2021-30629: Use after free in Permissions.
- CVE-2021-30630: Inappropriate implementation in Blink .
- CVE-2021-30631: Type Confusion in Blink layout.
- CVE-2021-30632: Out of bounds write in V8.
- CVE-2021-30633: Use after free in Indexed DB API
Google warned it “is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.”
Finally, Google also released Chrome 93 (93.0.4577.82) for Android and Chrome 93 (93.0.4577.78) for iOS.
- Google releases Chrome 93 security update (93.0.4577.63) with fixes for 27 vulnerabilities
- Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack
- Google releases Chrome security update (92.0.4515.159) with fixes for 9 vulnerabilities
- Google releases Chrome security update (92.0.4515.107) with fixes for 35 vulnerabilities
- Google fixes Chrome zero-day (CVE-2021-30563) exploited in the wild
- Google fixes Chrome zero-day (CVE-2021-30554) exploited in the wild
- Google fixes Chrome zero-day (CVE-2021-30551) exploited in the wild