Google release out-of-band update for Chrome to fix "high-severity" actively exploited vulnerability

Reading time icon 1 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

It’s time to remind our readers again not to ignore the update prompt in your browser, as Google release another urgent fix for Chrome on Windows, Mac, and Linux, to repair a high-severity zero-day vulnerability being actively exploited in the wild.

At issue is a “use after free” vulnerability in the Chrome V8 JavaScript engine. “Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild,” Google said in its advisory.

Use-After-Free (UAF) is a vulnerability related to the incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program. It can be used to execute arbitrary code or escape the browser’s security sandbox.

The bug was reported by an anonymous security researcher, and Google is not releasing the full detail of the breach yet.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google noted.

The update, which is available now, takes the browser to version 96.0.4664.110. To access it, simply restart your browser.

via BleepingComputer

More about the topics: browser, bug, chrome, exploit, zero-day