Google has released an update for the Chrome web browser to fix seven high-severity vulnerabilities in its popular web browser, two of which are actively exploited in the wild. "Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google said, warning users about the updated version on the stable channel. The two exploited vulnerabilities were detected by Google researchers, CVE-2021-38000 by Clement Lecigne, Neel Mehta and Maddie Stone of the Google Threat Analysis Group, and CVE-2021-38003 by Lecigne. As the bugs are actively exploited, BleepingComputer suggests users to restart their browser to see the new version or update it manually.
Zero-day browser
Google describes the CVE-2021-38000 zero-day vulnerability as "insufficient validation of untrusted input in intents," noting that it was reported last month on September 15, 2021. Meanwhile, CVE-2021-38003 zero-day is an "incorrectly implemented" bug in Chrome's open source V8 JavaScript engine, and was discovered on Sunday, October 24, 2021. Since the vulnerabilities are still being exploited, to prevent further abuse, Google has yet to share any details. about zero days or how they are exploited. However, Google security researchers often share details of vulnerabilities after the threat has passed. Most importantly, with this latest round of fixes, Google has fixed 15 Chrome zero-day vulnerabilities since early 2021, many of which were actively exploited in the wild, making it clear that Chrome has become one of the favorite Chrome targets. threat actors. . Add more layers of protection to your network with these best endpoint protection software and firewall apps and services.