Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild.
This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in the wild.
Below is the list of the other nine zero-day vulnerabilities addressed in Chrome in 2021:
Both zero-day vulnerabilities fixed in Chrome 93.0.4577.82 were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632 is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flws is a use-after-free vulnerability that impacts the Indexed DB API.
“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” reads the release note published by the company.
Google did not provide details about the attacks either information about the threat actors exploiting the vulnerabilities. The two vulnerabilities were reported by anonymous researchers.
The two zero-day flaws could be exploited to trigger a DoS condition and under specific circumstances they can allow attackers to escape the sandbox, perform remote code execution, and carry out other malicious activities.
The full list of bugs addressed with the latest release is:
Google urges its users to update their Google Chrome installs to the latest version immediately.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Google)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.