Google considers the vulnerabilities to be "high severity," as an attacker could exploit them and take control of the affected system, and urges its users to download the update immediately.
Google has released a critical security update for its Chrome browser, patching eleven security vulnerabilities, including two zero-day vulnerabilities that were exploited in the wild.
In the release notes for the new Chrome version, the company said, “Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.”
The update will roll out worldwide over the coming days and weeks for the program’s estimated 2 billion users.
The update comes after Google confirmed the presence of five "high-level" security flaws in the Chrome program.
Various security researchers worked with Google during the development cycle to prevent security bugs from ever reaching the stable channel, Google says.
Based on the dates, it is safe to assume the source for both zero-day flaws is the same. As for their brief descriptions, V8 is the open-source JavaScript engine at the heart of Chrome, while Use-After-Free (UAF) vulnerabilities relate to the incorrect use of dynamic memory during program operation.
If the program doesn’t clear the pointer to memory after it is freed, hackers can use this error to exploit the program.
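The pointer-clearing mistake described above, shown as an added C example that is not taken from Chrome or from Google's release notes. The `session_t` type and all function names are hypothetical; the risky release routine sits beside a hardened one that clears the caller's pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical object type, constructed for this example. */
typedef struct {
    char name[32];
    int  privileged;
} session_t;

session_t *session_new(const char *name) {
    session_t *s = calloc(1, sizeof *s);
    if (s) snprintf(s->name, sizeof s->name, "%s", name);
    return s;
}

/* Risky pattern: the memory is freed, but the caller's pointer still
 * holds the old address. Any later use of it is a use-after-free.
 * Shown for comparison only; it is never called here. */
void session_free_unsafe(session_t *s) {
    free(s);
}

/* Hardened pattern: take the address of the caller's pointer and clear
 * it, so a stale use sees NULL instead of freed memory. */
void session_free_safe(session_t **sp) {
    if (sp && *sp) {
        free(*sp);
        *sp = NULL;
    }
}

/* Every use goes through a check; returns -1 for a released session. */
int session_is_privileged(const session_t *s) {
    if (s == NULL) return -1;
    return s->privileged;
}

/* Releases a session twice, then tries to use it. */
int demo_cleared_pointer(void) {
    session_t *s = session_new("alice");
    if (!s) return -2;
    session_free_safe(&s);
    session_free_safe(&s);   /* second release is a harmless no-op */
    return session_is_privileged(s);
}

int main(void) {
    printf("use after release -> %d\n", demo_cleared_pointer());
    return 0;
}
```

Clearing one pointer does not protect other copies of the same address held elsewhere in the program, which is why large code bases also rely on sanitizers and ownership-tracking smart pointers.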
UAF vulnerabilities were the source of five ‘High’ rated Chrome threats earlier this month, while V8 was the target of the last zero-day Chrome hack in July. Google also warns that nine further “high” level threats have been found in Chrome, but they are not currently believed to have been exploited in the wild.