Google has urgently released Chrome 96.0.4664.110 for Windows, macOS and Linux, fixing a dangerous zero-day vulnerability (CVE-2021-4102). The vulnerability is being actively exploited by hackers in real attacks.
The tech giant noted that the update may take some time to reach all users. However, the patch is already being distributed worldwide in the Stable channel for the desktop version.
The use-after-free vulnerability (CVE-2021-4102) was discovered by an anonymous cybersecurity researcher and resides in Chrome's V8 JavaScript engine. Attackers usually exploit this type of vulnerability to execute arbitrary code on computer systems or to escape the browser's security sandbox.
Google found evidence of attacks exploiting this vulnerability in the wild, but did not provide additional information on the incidents.
This is the sixteenth zero-day vulnerability found in Chrome in 2021. The rest of the vulnerabilities were fixed in the following order:
- CVE-2021-21148 - February 4
- CVE-2021-21166 - March 2
- CVE-2021-21193 - March 12
- CVE-2021-21220 - April 13
- CVE-2021-21224 - April 20
- CVE-2021-30551 - June 9
- CVE-2021-30554 - June 17
- CVE-2021-30563 - July 15
- CVE-2021-30632 and CVE-2021-30633 - September 13
- CVE-2021-37973 - September 24
- CVE-2021-37976 and CVE-2021-37975 - September 30
- CVE-2021-38000 and CVE-2021-38003 - October 28