PSA: Update Google Chrome now to fix two zero-day flaws

Google Chrome is probably the most widely used browser on the planet, and that’s precisely why it gets targeted so often. No browser or piece of software is perfect; after all, it’s all created by imperfect humans. Browsers like Chrome can contain code written in a way that leaves doors open for attackers to exploit.

Many different kinds of errors or flaws can affect browsers like Google Chrome, and a zero-day flaw is one that is discovered and exploited on the same day. Often, security researchers find flaws and report them to the software maker, and the flaws are patched before they become known to a broader audience. This is the best-case scenario because it gives the software maker time to patch and users time to update before a hacker can exploit the flaw.

In this case, the flaws were reported, but hackers already knew about them and are actively exploiting them in the wild. This is why it’s crucial to drop what you’re doing and update Google Chrome now. Google has released an update that patches both flaws, designated CVE-2021-37975 and CVE-2021-37976.

As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it’s aware that “exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.”

An anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Clément Lecigne from Google Threat Analysis Group, who was also credited with CVE-2021-37973, another actively exploited use-after-free vulnerability in Chrome’s Portals API that was reported last week, raising the possibility that the two flaws may have been strung together as part of an exploit chain to execute arbitrary code.

The Hacker News

Have you updated Google Chrome?