.png)
3 years ago
253 
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild.
Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document."
Clément Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's "aware that an exploit for CVE-2021-37973 exists in the wild."
The update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS (CVE-2021-30869), which the TAG noted as being "used in conjunction with a N-day remote code execution targeting WebKit." With the latest fix, Google has addressed a total of 12 zero-day flaws in Chrome since the start of 2021:
CVE-2021-21148 - Heap buffer overflow in V8 CVE-2021-21166 - Object recycle issue in audio CVE-2021-21193 - Use-after-free in Blink CVE-2021-21206 - Use-after-free in Blink CVE-2021-21220 - Insufficient validation of untrusted input in V8 for x86_64 CVE-2021-21224 - Type confusion in V8 CVE-2021-30551 - Type confusion in V8 CVE-2021-30554 - Use-after-free in WebGL CVE-2021-30563 - Type confusion in V8 CVE-2021-30632 - Out of bounds write in V8 CVE-2021-30633 - Use after free in Indexed DB APIChrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Bengali (Bangladesh) · 
English (United States) ·