Google fixes 2 new actively exploited zero-day flaws in Chrome

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two actively exploited zero-day vulnerabilities.

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two zero-day vulnerabilities, tracked as CVE-2021-38000 and CVE-2021-38003, actively exploited in attacks in the wild.

Google fixed a total of seven vulnerabilities with the latest release of the popular browser.

CVE-2021-38000 is an insufficient validation of untrusted input in Intents, the flaw was reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15.

CVE-2021-38003 is an Inappropriate implementation in V8 open-source high-performance JavaScript and WebAssembly engine. This vulnerability was reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.” reads the security advisory published by Google.

The IT giant did not reveal the details of the attacks exploiting the above flaws.

Google already addressed a total of fifteenth zero-day vulnerabilities since the beginning of the year, below is the complete list:

The other thirteen zero-days patched this year are listed below:

CVE-2021-21148 – February 4th, 2021CVE-2021-21166 – March 2nd, 2021CVE-2021-21193 – March 12th, 2021CVE-2021-21220 – April 13th, 2021CVE-2021-21224 – April 20th, 2021CVE-2021-30551 – June 9th, 2021CVE-2021-30554 – June 17th, 2021CVE-2021-30554 – June 17th, 2021CVE-2021-30563 – July 15th, 2021CVE-2021-30632 & CVE-2021-30633 – Sept 13th, 2021CVE-2021-37973 – Sept 24th, 2021CVE-2021-37975 and CVE-2021-37976 – Oct, 13st, 2021CVE-2021-38000 and CVE-2021-38003 – Oct, 28th 2021

Be sure to update your Chrome install to the latest 95.0.4638.69 version for Windows, Mac, and Linux.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Google)

The post Google fixes 2 new actively exploited zero-day flaws in Chrome appeared first on Security Affairs.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt