2 min read

Google Patches Zero-Day Vulnerability with Emergency Chrome Update

Vlad CONSTANTINESCU

December 14, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Patches Zero-Day Vulnerability with Emergency Chrome Update

Google pushed an emergency Chrome update this week to fix a severe zero-day vulnerability that has been exploited in the wild.

The patched zero-day, tracked as CVE-2021-4102, was reported by an anonymous researcher on the 9th of December, but little else is known about it. Google Chrome’s Stable and Extended Stable channels were then updated to 96.0.4664.110 for Windows, Mac, and Linux users.

The update is expected to roll out over the next few days or weeks but could take some time to reach every browser, Google announced. However, the update seems to be rolling out already.

Chrome performs regular checks for recent updates and applies them automatically upon re-launching the browser. However, users can also apply this update manually via the About Google Chrome section that can be found in the browser’s Help menu.

Aside from the zero-day vulnerability, Google Chrome’s latest update includes another four security fixes, also contributed by external researchers.

[$NA][1263457]Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
[$5000][1270658]High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
[$5000][1272068]High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
[$TBD][1262080]High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair  on 2021-10-21
[$TBD][1278387]High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

CVE-2021-4102 is a Use After Free Chrome V8 JavaScript engine vulnerability. Perpetrators rely on Use After Free vulnerabilities to crash certain programs, make them use unexpected values, or even execute arbitrary code.

Despite detecting in-the-wild exploits targeting the CVE-2021-4102 zero-day vulnerability, Google shared no additional details of the attacks.

The company added that it may restrict access to bug details and links until most users update their Chrome web browsers with a fix. Access to these details may remain restricted if the bug is detected in third-party libraries of other projects that didn’t get the chance to patch it.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

EU Privacy Watchdog Set to Prohibit Meta From Running Ads Based on Personal Data EU Privacy Watchdog Set to Prohibit Meta From Running Ads Based on Personal Data
Vlad CONSTANTINESCU

December 07, 2022

1 min read
Versailles hospital cancels operations after ransomware attack compromises computer systems Versailles hospital cancels operations after ransomware attack compromises computer systems
Alina BÎZGĂ

December 06, 2022

1 min read
Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware
Vlad CONSTANTINESCU

December 06, 2022

2 min read