June 7, 2023

Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers. This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild.

“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” Google disclosed with the release of the browser fixes.

CVE-2021-37976 is described as an “information leak in core” and was assigned a Medium severity level. It was discovered by Google’s Threat Analysis Group (TAG).

CVE-2021-37975 is a user-after-free bug in the V8 JavaScript engine, that were rated as high severity. V8 is Google’s open-source, high-performance JavaScript and Web Assembly engine for Chrome and Chromium-based browsers. It translates JavaScript code into a more efficient machine code instead of using an interpreter, which speeds up the web browser. Since this vulnerable component isn’t specific to Google Chrome, it’s a good bet that other browsers are affected by the bug as well.

Tags:

Leave a Reply

You may have missed

Synk Platform Enhancements

Synk Platform Enhancements

June 7, 2023
Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
%d bloggers like this: