Google released it Chrome 93.0.4577.82 for Windows, Mac, and Linux to correct eleven vulnerabilities, two of which are zero-day and have been used in attacks.
The company said in the release notes for the new version of Chrome that it knows the two vulnerabilities CVE-2021-30632 and CVE-2021-30633 have been used by cyber criminals.
The new update, which corrects zero-day vulnerabilities, is circulating worldwide at Stable desktop channel and Google says it will be available to all users in the coming days.
You can check for the update yourself, but the Google Chrome will also automatically check for new updates the next time the browser restarts.
Google Chrome: Ten zero-day vulnerabilities have been fixed in 2021
The two new Chrome zero-day vulnerabilities that were fixed with the new update were revealed to Google on September 8, 2021 and are both memory bugs.
These vulnerabilities lead to browser crashes, however, they can sometimes be used for execute commands remotely and for other malicious activities.
Google has revealed that both bugs have been used by criminals, but did not provide further details on the attacks.
The following is a list of Chrome zero-day bugs that Google has fixed in 2021. Along with the two new bugs, Google has fixed 10 zero-days within the year:
- CVE-2021-21148 - 4 February 2021
- CVE-2021-21166 - March 2, 2021
- CVE-2021-21193 - March 12, 2021
- CVE-2021-21220 - 13 April 2021
- CVE-2021-21224 - 20 April 2021
- CVE-2021-30551 - 9 June 2021
- CVE-2021-30554 - 17 June 2021
- CVE-2021-30563 - 15 July 2021
As the vulnerabilities have already been exploited, Users are invited to update Google Chrome to the latest version immediately.
Source: Bleeping Computer