December 9, 2023

Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers. This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild.

“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” Google disclosed with the release of the browser fixes.

CVE-2021-37976 is described as an “information leak in core” and was assigned a Medium severity level. It was discovered by Google’s Threat Analysis Group (TAG).

CVE-2021-37975 is a user-after-free bug in the V8 JavaScript engine, that were rated as high severity. V8 is Google’s open-source, high-performance JavaScript and Web Assembly engine for Chrome and Chromium-based browsers. It translates JavaScript code into a more efficient machine code instead of using an interpreter, which speeds up the web browser. Since this vulnerable component isn’t specific to Google Chrome, it’s a good bet that other browsers are affected by the bug as well.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.