Google has launched a Chrome update to address seven high-severity vulnerabilities in the browser, two of which are currently being actively exploited in the wild.
“Google is aware that vulnerabilities for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google noted as it upgraded the Stable channel release.
Google researchers discovered both exploitable vulnerabilities, CVE-2021-38000 by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group, and CVE-2021-38003 by Lecigne.
See Also: 5 Signs Your SSD Hard Drive Will Start Malfunctioning Soon
Because the weaknesses are routinely exploited, BleepingComputer recommends that users restart their browsers to get the latest version or update it manually.
The CVE-2021-38000 zero-day vulnerability is described by Google as “insufficient validation of untrusted input in Intents,” and it was first disclosed on September 15, 2021.
Because the vulnerabilities are currently being exploited, Google hasn’t yet disclosed specifics about the zero-days or how they’re being abused in order to avoid further exploitation. However, once the threat has passed, Google’s security researchers routinely provide data about the exploits.
How to update your Chrome?
To address these assaults, Google has published Chrome version 95.0.4638.69, which is a critical upgrade. Be aware that the rollout of this update will be staggered and “spread out over the following days/weeks,” according to Google. This means you might not be able to defend yourself right away.
Go to Settings > Help > About Google Chrome to see if you’re protected. You are secure if your Chrome browser matches 95.0.4638.69 or higher. If the update for your browser is not yet available, make sure to check for it on a frequent basis.
Check out this blog for more tech news.