Google Patches Critical Vulnerabilities in Chrome
Google has released an emergency update to fix 3 vulnerabilities in Chrome, 2 of them are being exploited in the wild.
Successful exploitation of these vulnerabilities could lead to remote arbitrary code execution.
The vulnerabilities
CVE-2021-37974 CVSS 3.1 score 7.7
Use after free in Safe Browsing.
The exploitation doesn’t require any form of authentication.
CVE-2021-37975 CVSS 3.1 score 8.4
Use after free in V8.
The exploitation doesn’t require any form of authentication.
This vulnerability is being exploited in the wild
CVE-2021-37976 CVSS 3.1 score 7.2
Information leak in core.
The exploitation doesn’t require any form of authentication.
This vulnerability is being exploited in the wild
Affected Products
These vulnerabilities affect all Chrome and Chromium-based browsers.
Mitigation
CYREBRO urges to update the browser to the latest Chrome version 94.0.4606.71
References: Google Advisory
