It is urgent to update your Chrome browser. Google has just released version 94.0.4606.71 which fixes four security vulnerabilities, two of which are actively exploited by hackers.

One (CVE-2021-37975) is a memory corruption bug in the JavaScript V8 engine. The other (CVE-2021-37976) is a data leak in the “core” software module.

Google does not give more details on these flaws, nor on the attacks they can cause. However, we see that the first was discovered by security researcher Clément Lecigne, who works at Google Threat Analysis Group, and who was already credited last week for a zero-day flaw (CVE-2021-37973) in the Chrome’s “Portals” programming interface.

Again, this was a memory corruption bug exploited by hackers, and it is not impossible that the two flaws are part of the same chain of attacks.





With this new patch, Google will have corrected this year already 14 zero-day flaws exploited by hackers. It’s a record. To update Chrome, just go to the settings menu, then select “Help → About Google”. The browser will automatically search for the update and install it.

Source: Google