The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes
Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and Linux versions of the popular browser.
“Google is aware that an exploit for CVE-2021-37973 exists in the wild,” Google revealed about the newly disclosed zero-day vulnerability. The bug, classified as high in severity, is a use-after-free flaw in the Portals web API, the webpage navigation component of Google’s Chromium browser engine.
Clément Lecigne of Google’s Threat Analysis Group (TAG) was credited with the discovery of the vulnerability on September 21st, with technical assistance provided by two of his colleagues from Google Project Zero Sergei Glazunov and Mark Brand.
TAG has been busy… and so has Chrome (“Reported on 9-21, patched 9-24”!)
CVE-2021-37973 in-the-wild use after free in Portals discovered by @_clem1 https://t.co/ha1wb4sB6n
— Maddie Stone (@maddiestone) September 24, 2021
The vulnerability was so severe that it necessitated its own official update for the Chrome browser. The release is especially notable, considering that it was rolled out mere days after Google pushed out a stable version of Chrome that fixed another 19 bugs. It took Google’s team just three days to release a fix after they were notified by Lecigne and his colleagues about the flaw being actively exploited in the wild.
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) also took note of the release and issued a security advisory urging both users and system administrators to update their browsers. “Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild,” said the agency.
Considering the timing and severity of the disclosed vulnerability, you would do well to update your browser to the latest version (94.0.4606.61) as soon as possible. If you have automatic updates enabled, the browser should be able to update to the newest available version on its own.
However, if you haven’t enabled the function yet, you can also update your browser manually by visiting the About Google Chrome section, which can be found under Help in the menu bar.
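After updating, the practical check is whether the installed build is at or above 94.0.4606.61, the version CISA and Google name as carrying the fix. The script below is an added example, not code from the article, Google, or CISA: it parses the output of the browser's --version flag and compares it numerically against the fixed version. The binary names it searches for (google-chrome, google-chrome-stable, chromium, and so on) are assumptions for Linux and macOS command-line installs; on Windows, chrome.exe does not report its version this way, so use Help > About Google Chrome as the article describes.

```python
import re
import shutil
import subprocess
import sys

# Version that closes CVE-2021-37973, as stated in the article and the CISA advisory.
FIXED_VERSION = "94.0.4606.61"

# Binary names to try on PATH (assumed; adjust for your platform/packaging).
CHROME_BINARIES = [
    "google-chrome", "google-chrome-stable", "chrome", "chromium", "chromium-browser",
]


def parse_version(text):
    """Extract a dotted version from strings like 'Google Chrome 94.0.4606.61'.
    Returns a tuple of ints, or None when no version is present."""
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(installed_text, fixed=FIXED_VERSION):
    """True when the version found in installed_text is >= the fixed version.
    Comparison is numeric per component, so 94.0.4606.61 > 94.0.4606.9."""
    inst = parse_version(installed_text)
    fix = parse_version(fixed)
    if inst is None or fix is None:
        return False
    # Pad shorter tuples with zeros so (94, 0, 4606) compares against (94, 0, 4606, 61).
    width = max(len(inst), len(fix))
    inst += (0,) * (width - len(inst))
    fix += (0,) * (width - len(fix))
    return inst >= fix


def find_chrome_binary():
    """Return the first Chrome/Chromium binary found on PATH, or None."""
    for name in CHROME_BINARIES:
        path = shutil.which(name)
        if path:
            return path
    return None


def installed_version_output():
    """Run '<binary> --version' and return its stdout, or None if unavailable."""
    binary = find_chrome_binary()
    if binary is None:
        return None
    try:
        result = subprocess.run(
            [binary, "--version"], capture_output=True, text=True, timeout=10
        )
    except (OSError, subprocess.SubprocessError):
        return None
    return result.stdout


def main():
    out = installed_version_output()
    if not out:
        print("Chrome binary not found on PATH; check Help > About Google Chrome instead.")
        return 2
    print("Installed:", out.strip())
    if is_patched(out):
        print(f"OK: at or above {FIXED_VERSION}; the CVE-2021-37973 fix is present.")
        return 0
    print(f"UPDATE NEEDED: installed build is below {FIXED_VERSION}.")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

The exit code (0 patched, 1 update needed, 2 browser not found) makes the script usable from a fleet-management or cron job; a plain string comparison would not do, since "94.0.4606.9" sorts after "94.0.4606.61" lexically but is the older build.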