Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two actively exploited zero-day vulnerabilities.
Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two zero-day vulnerabilities, tracked as CVE-2021-38000 and CVE-2021-38003, actively exploited in attacks in the wild.
Google fixed a total of seven vulnerabilities with the latest release of the popular browser.
CVE-2021-38000 is an insufficient validation of untrusted input in Intents, the flaw was reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15.
CVE-2021-38003 is an Inappropriate implementation in V8 open-source high-performance JavaScript and WebAssembly engine. This vulnerability was reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26
“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.” reads the security advisory published by Google.
The IT giant did not reveal the details of the attacks exploiting the above flaws.
Google already addressed a total of fifteenth zero-day vulnerabilities since the beginning of the year, below is the complete list:
The other thirteen zero-days patched this year are listed below:
- CVE-2021-21148 – February 4th, 2021
- CVE-2021-21166 – March 2nd, 2021
- CVE-2021-21193 – March 12th, 2021
- CVE-2021-21220 – April 13th, 2021
- CVE-2021-21224 – April 20th, 2021
- CVE-2021-30551 – June 9th, 2021
- CVE-2021-30554 – June 17th, 2021
- CVE-2021-30554 – June 17th, 2021
- CVE-2021-30563 – July 15th, 2021
- CVE-2021-30632 & CVE-2021-30633 – Sept 13th, 2021
- CVE-2021-37973 – Sept 24th, 2021
- CVE-2021-37975 and CVE-2021-37976 – Oct, 13st, 2021
- CVE-2021-38000 and CVE-2021-38003 – Oct, 28th 2021
Be sure to update your Chrome install to the latest 95.0.4638.69 version for Windows, Mac, and Linux.
To read the original article:
https://securityaffairs.co/wordpress/123906/security/chrome-zero-day-flaws.html