September 21, 2023

Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux, fixing eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in the wild.

Both zero-day vulnerabilities fixed in Chrome 93.0.4577.82 were disclosed to Google on September 8th, 2021. The first issue, tracked as CVE-2021-30632, is an out-of-bounds write that resides in the V8 JavaScript engine, while the CVE-2021-30633 flaw is a use-after-free vulnerability that impacts the Indexed DB API.

Google did not provide details about the attacks or information about the threat actors exploiting the vulnerabilities. The two zero-day flaws could be exploited to trigger a DoS condition and, under specific circumstances, could allow attackers to escape the sandbox, perform remote code execution, and carry out other malicious activities.

Below is the list of the other nine zero-day vulnerabilities addressed in Chrome in 2021:

The full list of bugs addressed with the latest release is:

  • High CVE-2021-30625: Use after free in Selection API.
  • High CVE-2021-30626: Out of bounds memory access in ANGLE.
  • High CVE-2021-30627: Type Confusion in Blink layout.
  • High CVE-2021-30628: Stack buffer overflow in ANGLE.
  • High CVE-2021-30629: Use after free in Permissions.
  • High CVE-2021-30630: Inappropriate implementation in Blink.
  • High CVE-2021-30631: Type Confusion in Blink layout.
  • High CVE-2021-30632: Out of bounds write in V8.
  • High CVE-2021-30633: Use after free in Indexed DB API.

Google urges its users to update their Google Chrome installs to the latest version immediately.
