Google this week rolled out urgent security updates for the Chrome browser to address four security flaws, including two new zero-day vulnerabilities that are being exploited in the wild.
Google has addressed a total of five zero-day flaws this month, while the total number of zero-days fixed since the start of the year is 14.
The two zero-day vulnerabilities fixed in the last turn are tracked as CVE-2021-37975 and CVE-2021-37976.
The Google Threat Analysis Group (TAG) focuses on investigations into government-backed attacks, it is likely that the CVE-2021-37976 was discovered while the experts were investigating a campaign carried out by a nation-state actor.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.” states the update provided by Google. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild. “
Google has addressed a total of 14 zero-day vulnerabilities in Google Chrome since the start of the year, below is the full list.
Be sure to update your Chrome install to the latest 94.0.4606.71 version for Windows, Mac, and Linux.
(SecurityAffairs – hacking, Chrome)