Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild.
The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution of arbitrary code or data corruption.
“Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.” reads the advisory published by Google which did not share additional info regarding these attacks.
The vulnerability was reported by an anonymous researcher on 2021-12-09.
Google has already addressed 17 zero-day vulnerabilities in Chrome this year, below is the full list:
Be sure to update your Chrome install to the latest 96.0.4664.110 version for Windows, Mac, and Linux.
The other issues fixed by Google with the latest release are:
[$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
[$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
[$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
[$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Chrome)
[adrotate banner=”5″]
[adrotate banner=”13″]