Google has released Chrome 95.0.4638.69 for Windows, Mac and Linux to fix two zero-day vulnerabilities already exploited by attackers.
"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 are already in circulation," Google disclosed in the list of security fixes for today's Google Chrome release.
But we know that a new version may take a while to reach everyone. So it is a good idea to update manually from the Stable Desktop channel.
To install the Chrome update right away, go to Chrome menu > Help > About Google Chrome and the browser will start updating.
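For anyone checking more than one machine, the following added example (not code from Google or from this article) flags Chrome builds older than the fixed 95.0.4638.69. The host names and the inventory contents are constructed for illustration; the version strings are assumed to be in the form the browser reports about itself.

```python
import re

# Fixed build named in the article; builds below this lack the two zero-day fixes.
FIXED_VERSION = "95.0.4638.69"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text, fixed=FIXED_VERSION):
    """True if patched, False if older, None if no version could be parsed."""
    found = parse_version(version_text)
    if found is None:
        return None
    # Tuple comparison is numeric per component, so 95.0.4638.100 > 95.0.4638.69
    # (a plain string comparison would get that wrong).
    return found >= parse_version(fixed)


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(reported)] for host, reported in inventory.items()}


# Constructed sample inventory: host name -> version string as reported by the
# browser (e.g. on the About Google Chrome page). Hosts and values are made up.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 95.0.4638.69",
    "ws-002": "Google Chrome 95.0.4638.54",
    "ws-003": "Google Chrome 94.0.4606.81",
    "ws-004": "Google Chrome 95.0.4638.100",
    "ws-005": "Google Chrome 96.0.4664.45",
    "ws-006": "chrome not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look, since a missing version string says nothing about whether the fix is installed.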
Zero-day details were, of course, not revealed
This version of Chrome fixes a total of seven vulnerabilities, two of which are zero-days already being exploited by malicious users.
The first zero-day (CVE-2021-38000) is described as "Insufficient validation of untrusted input in Intents" and has been rated high severity. This vulnerability was discovered by Clement Lecigne, Neel Mehta and Maddie Stone of Google Threat Analysis Group on 15 September 2021.
The second zero-day (CVE-2021-38003) is an "Inappropriate implementation" bug, once again in Chrome's V8 JavaScript engine. This vulnerability was also discovered by Lecigne and reported on October 24.
At this time, Google has not provided further details, for obvious reasons. However, as the new version rolls out, we will learn more in future posts on the Google TAG or Project Zero blogs.
With these fixes, Google has closed 15 Chrome zero-days since the beginning of 2021.
The other 13 zero-days fixed this year are listed below:
CVE-2021-21148 - 4 February 2021
CVE-2021-21166 - 2 March 2021
CVE-2021-21193 - 12 March 2021
CVE-2021-21220 - 13 April 2021
CVE-2021-21224 - 20 April 2021
CVE-2021-30551 - 9 June 2021
CVE-2021-30554 - 17 June 2021
CVE-2021-30563 - 15 July 2021
CVE-2021-30632 and CVE-2021-30633 - 13 September 2021
CVE-2021-37973 - 24 September 2021
CVE-2021-37976 and CVE-2021-37975 - 30 September 2021