Google has released an emergency update Chrome 94.0.4606.71 that fixes two zero-day vulnerabilities being exploited in the wild. These are the second and third zero-day vulnerabilities found this year. A total of twelve zero-days have been found in the browser since January. The new version will be released on all three platforms, Windows, Mac, Linux, to fix these issues.
Google stated the following:
“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,”“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in Thursday’s security update. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Here are details on the two zero-days:
- CVE-2021-37976 Google Project Zero found a bug in a critical component of Chrome. The bug was rated as a Medium severity issue and was assigned a CVE designation. Google TAG researcher Clément Lecigne reported the bug on September 21, 2016. He received assistance from Sergei Glazunov and Mark Brand from Google Project Zero.
Update Google Chrome
If your a MSP using Kaseya I have a Patch MY PC Script that you can deploy to all your systems that can be scheduled to run on a weekly basis.