Google has released Chrome 94 security update with patches for 2 zero-day vulnerabilities exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The Chrome 94 security update (94.0.4606.71) patched 4 vulnerabilities in total, to include these 2 High severity vulnerabilities contributed by external security researchers:
- CVE-2021-37974: Use after free in Safe Browsing.
- CVE-2021-37975: Use after free in V8.
In addition, Google patched one Medium severity ‘information leak in core’ vulnerability CVE-2021-37976.
Google warned that it “is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.”
Finally, Google also released Chrome 94 (94.0.4606.71) for Android.
- Google Chrome 94 security update fixes zero-day vulnerability (CVE-2021-37973) under attack
- Google releases Chrome 93 security update (93.0.4577.82) with fixes for 2 zero-days under attack
- Google releases Chrome 93 security update (93.0.4577.63) with fixes for 27 vulnerabilities
- Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack