Google push emergency Chrome update to patch two actively exploited Zero-day vulnerabilities

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Google has patched its 15th zero-day vulnerability for Chrome, with the out of band release of Chrome 95.0.4638.69 for Windows, Mac, and Linux.

The release patches two zero-day vulnerabilities which are being actively exploited in the wild.

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google disclosed in the list of security fixes in today’s Google Chrome release.

CVE-2021-38000 is due to “Insufficient validation of untrusted input in Intents” and was assigned a High severity level.

CVE-2021-38003, is a High severity “Inappropriate implementation” bug in the Chrome V8 JavaScript engine.

Google did not say how the vulnerabilities are being exploited.

Besides the two actively exploited zero-day vulnerabilities, there are 5 other vulnerabilities fixed with the update.

As the bugs are being actively exploited Chrome users are urged not to delay installing the update, most easily achieved by simply restarting your browser.

via BleepingComputer.

User forum

0 messages