Google releases out-of-band update for Chrome to fix “high-severity” actively exploited vulnerability


13, 2021

It’s time to remind our readers again not to ignore the update prompt in their browsers, as Google releases another urgent fix for Chrome on Windows, Mac, and Linux to repair a high-severity zero-day vulnerability that is being actively exploited in the wild.

At issue is a “use after free” vulnerability in the Chrome V8 JavaScript engine. “Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild,” Google said in its advisory.

Use-after-free (UAF) is a vulnerability caused by incorrect use of dynamic memory during program operation. If a program frees a memory location but does not clear the pointer to that memory, the stale pointer can still be used, and an attacker can exploit that error to compromise the program. It can be used to execute arbitrary code or escape the browser’s security sandbox.

The bug was reported by an anonymous security researcher, and Google is not yet releasing full details of the vulnerability.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google noted.

The update, which is available now, takes the browser to version 96.0.4664.110. To access it, simply restart your browser.

via BleepingComputer
