Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild.
“Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.” reads the advisory published by Google which did not share additional info regarding these attacks.
The vulnerability was reported by an anonymous researcher on 2021-12-09.
Google has already addressed 17 zero-day vulnerabilities in Chrome this year, below is the full list:
Be sure to update your Chrome install to the latest 96.0.4664.110 version for Windows, Mac, and Linux.
The other issues fixed by Google with the latest release are:
[$NA] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
[$5000] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
[$5000] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
[$TBD] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
(SecurityAffairs – hacking, Chrome)