Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.
The updates are part of Chrome version 95.0.4638.69, which is now available via the browser’s built-in udpate mechanism.
The two zero-days are CVE-2021-38000 and CVE-2021-38003, and are the 15th and 16th zero-days that Google has patched this year—the most Google has patched in Chrome in any single calendar year since the browser’s first release in 2008.
- CVE-2021-21148 – Chrome 88.0.4324.150, on February 4, 2021.
- CVE-2021-21166 – Chrome 89.0.4389.72, on March 2, 2021.
- CVE-2021-21193 – Chrome 89.0.4389.90, on March 12, 2021.
- CVE-2021-21206 – Chrome 89.0.4389.128, on April 13, 2021.
- CVE-2021-21220 – Chrome 89.0.4389.128, on April 13, 2021.
- CVE-2021-21224 – Chrome 90.0.4430.85, on April 20, 2021.
- CVE-2021-30551 – Chrome 91.0.4472.101, on June 9, 2021.
- CVE-2021-30554 – Chrome 91.0.4472.114, on June 17, 2021.
- CVE-2021-30563 – Chrome 91.0.4472.164, on July 15, 2021.
- CVE-2021-30632 – Chrome 93.0.4577.82, on September 13, 2021.
- CVE-2021-30633 – Chrome 93.0.4577.82, on September 13, 2021.
- CVE-2021-37973 – Chrome 94.0.4606.61, on September 24, 2021.
- CVE-2021-37975 – Chrome 94.0.4606.71, on September 30, 2021.
- CVE-2021-37976 – Chrome 94.0.4606.71, on September 30, 2021.
As it’s standard policy, Google has not shared any details about today’s patches or the attack scenarios in which the two zero-days were used—in order to give users a safe period of time to patch before other threat actors start abusing today’s fixes.
The post Google fixes 15th and 16th Chrome zero-day this year appeared first on The Record by Recorded Future.
Article Link: Google fixes 15th and 16th Chrome zero-day this year - The Record by Recorded Future