Chrome 94.0.4606.61 fixes 0-day

Posted on 2021-09-25 by guenni

[German]Google has surprisingly released the stable version of Google Chrome 94.0.4606.61 for Windows, Mac and Linux on September 24, 2021. It is a security update that closes a 0-day vulnerability. Here is a brief overview of what problem has been fixed.

Advertising

In the Google blog there is this post with the brief description of the 0-day vulnerability closed in Chrome 94.0.4606.61 for desktop.

[$NA][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

If this vulnerability is successfully exploited, attackers can execute arbitrary code on computers running unpatched versions of Chrome. Google writes that it has been informed that the CVE-2021-37973 vulnerability, rated "High", is already being exploited for attacks in the wild. However, details about the vulnerability will not be published until the majority of users have updated.

The colleagues from Bleeping Computer have collected some more information here. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update function in the next few days. The latest build of the Chrome browser can also be downloaded here.

Microsoft  publishes CVE list

I have received a revised CVE list for Chrome and Edge from Microsoft as a security advisory dated September 24, 2021.

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: September 24, 2021
**************************************************************************************

Advertising

Summary
=======

The following CVEs were assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.

See here for more information about third-party CVEs in the Security Update Guide.

* CVE-2021-37973
* CVE-2021-37956
* CVE-2021-37957
* CVE-2021-37958
* CVE-2021-37959
* CVE-2021-37960
* CVE-2021-37961
* CVE-2021-37962
* CVE-2021-37963
* CVE-2021-37964
* CVE-2021-37965
* CVE-2021-37966
* CVE-2021-37967
* CVE-2021-37968
* CVE-2021-37969
* CVE-2021-37970
* CVE-2021-37971
* CVE-2021-37972

Revision Information:
=====================

– Version 1.0
– Reason for Revision: Information published.
– Originally posted: September 24, 2021

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in browser, Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *