Google Patches Critical Vulnerabilities in Chrome

Google has released an emergency update to fix 3 vulnerabilities in Chrome, 2 of them are being exploited in the wild.

Successful exploitation of these vulnerabilities could lead to remote arbitrary code execution.

The vulnerabilities

CVE-2021-37974 CVSS 3.1 score 7.7

Use after free in Safe Browsing.

The exploitation doesn’t require any form of authentication.

CVE-2021-37975 CVSS 3.1 score 8.4

Use after free in V8.

The exploitation doesn’t require any form of authentication.

This vulnerability is being exploited in the wild

CVE-2021-37976 CVSS 3.1 score 7.2

Information leak in core.

The exploitation doesn’t require any form of authentication.

This vulnerability is being exploited in the wild

Affected Products

These vulnerabilities affect all Chrome and Chromium-based browsers.

Mitigation

CYREBRO urges to update the browser to the latest Chrome version 94.0.4606.71

References: Google Advisory

Sign Up for Updates