If you are like me, you are not too bothered by the Update warning in Chrome and do not rush to close all your tabs and restart your browser when it shows up.
On this occasion, however, it may be a good idea to heed the warning and install the new update Google has just made available, as it addresses two zero-day vulnerabilities which are being actively exploited in the wild.
CVE-2021-37976 is described as an “Information leak in core” with a Medium severity level while CVE-2021-37975 is a use after free bug in the Chrome V8 JavaScript engine with a High severity rating. Use after free bugs can often be used for remote code exploits or to escape the browser sandbox.
“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” Google notes in their advisory.
Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux to fix the issue.
If you have the update prompt simply pressing the button will update you to the latest, safer version of Chrome, otherwise going to Chrome menu > Help > About Google Chrome will also get you the latest release.
The update is the 13th Zero-day vulnerability Chrome has had to fix this year. Since Edge also uses the Chromium engine it is likely it is affected by the same issue.
via BleepingComputer
