Google has released patches for five security flaws in its Chrome web browser, including one that it claims is being exploited in the public, making it the 17th vulnerability to be revealed since the beginning of the year.
The issue, which has been assigned the identifier CVE-2021–4102, is a “use-after-free” bug in the V8 JavaScript and WebAssembly compiler that might result in serious effects ranging from data manipulation to the execution of malicious codes.
It’s unclear how the bug is being used in actual attacks right now, but Google published a brief statement saying, “it’s aware of claims that an exploit for CVE-2021–4102 exists in the public.” This is done to make sure that the majority of users get updated with a patch and to deter other malicious actors from exploiting the vulnerability.
CVE-2021–4102 is the second “use-after-free” flaw in V8 that the business has patched in far less than three months after indications of ongoing exploitation, with CVE-2021–37975, discovered by an anonymous researcher, fixed in a September 30 update. It’s uncertain whether the two problems have anything to do with one another.
With this newest version, Google has patched a total of 17 zero-day vulnerabilities in Chrome this year. The list of vulnerabilities is as follow:
To reduce the risk of ongoing exploitation, Chrome users should update to the newest version (96.0.4664.110) for Windows, Mac, and Linux by going to Settings > Help > ‘About Google Chrome.’