2 min read

Google Patches Zero-Day Vulnerability with Emergency Chrome Update

Vlad CONSTANTINESCU

December 14, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Patches Zero-Day Vulnerability with Emergency Chrome Update

Google pushed an emergency Chrome update this week to fix a severe zero-day vulnerability that has been exploited in the wild.

The patched zero-day, tracked as CVE-2021-4102, was reported by an anonymous researcher on the 9th of December, but little else is known about it. Google Chrome’s Stable and Extended Stable channels were then updated to 96.0.4664.110 for Windows, Mac, and Linux users.

The update is expected to roll out over the next few days or weeks but could take some time to reach every browser, Google announced. However, the update seems to be rolling out already.

Chrome performs regular checks for recent updates and applies them automatically upon re-launching the browser. However, users can also apply this update manually via the About Google Chrome section that can be found in the browser’s Help menu.

Aside from the zero-day vulnerability, Google Chrome’s latest update includes another four security fixes, also contributed by external researchers.

[$NA][1263457]Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
[$5000][1270658]High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
[$5000][1272068]High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
[$TBD][1262080]High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair  on 2021-10-21
[$TBD][1278387]High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

CVE-2021-4102 is a Use After Free Chrome V8 JavaScript engine vulnerability. Perpetrators rely on Use After Free vulnerabilities to crash certain programs, make them use unexpected values, or even execute arbitrary code.

Despite detecting in-the-wild exploits targeting the CVE-2021-4102 zero-day vulnerability, Google shared no additional details of the attacks.

The company added that it may restrict access to bug details and links until most users update their Chrome web browsers with a fix. Access to these details may remain restricted if the bug is detected in third-party libraries of other projects that didn’t get the chance to patch it.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Researchers Find Several JavaScript Processing Flaws in Word, Adobe Acrobat, Other Apps Researchers Find Several JavaScript Processing Flaws in Word, Adobe Acrobat, Other Apps
Vlad CONSTANTINESCU
2 min read
Microsoft May Patch Tuesday Causes AD Authentication Failures Microsoft May Patch Tuesday Causes AD Authentication Failures
Vlad CONSTANTINESCU
1 min read
Rejuvenated FluBot Campaign Moves to Finland; iPhone Users Also Targeted Rejuvenated FluBot Campaign Moves to Finland; iPhone Users Also Targeted
Filip TRUȚĂ

May 11, 2022

3 min read