Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild.
This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in the wild.
Below is the list of the other nine zero-day vulnerabilities addressed in Chrome in 2021:
“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” reads the release note published by the company.
Google did not provide details about the attacks either information about the threat actors exploiting the vulnerabilities. The two vulnerabilities were reported by anonymous researchers.
The two zero-day flaws could be exploited to trigger a DoS condition and under specific circumstances they can allow attackers to escape the sandbox, perform remote code execution, and carry out other malicious activities.
The full list of bugs addressed with the latest release is:
Google urges its users to update their Google Chrome installs to the latest version immediately.
(SecurityAffairs – hacking, Google)