[German]Google has surprisingly released an update to Google Chrome 94.0.4606.71 for Windows, Mac and Linux on September 20, 2021. It is a security update that closes vulnerabilities rated as high. Some of the vulnerabilities are being exploited – here's a brief overview.
Advertising
The Google blog has this post diesen Beitrag with the brief description of the vulnerabilities closed in Chrome 94.0.4606.71 for desktop.
- [$20000][1245578] High CVE-2021-37974 : Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01
- [$TBD][1252918] High CVE-2021-37975 : Use after free in V8. Reported by Anonymous on 2021-09-24
- [$NA][1251787] Medium CVE-2021-37976 : Information leak in core. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21
Google is aware that the CVE-2021-37975 and CVE-2021-37976 vulnerabilities exist in the wild. Especially the V8 bug could be exploited for remote code execution. However, details about the vulnerability will not be released until the majority of users have switched over. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update function in the next few days. The latest build of the Chrome browser can also be downloaded here.
