New Google Chrome vulnerability puts 2.65 billion users at risk
Google has revealed that it has found this year's eleventh zero-day exploit for the Chrome browser. The issue affects Windows, Linux, and macOS users, and Google confirmed that it is aware of bad actors possibly exploiting this vulnerability in the wild. Google has not said much, but a fix has already been released and is in the delivery pipeline for all users.
In a new blog post, Google revealed that the newly discovered vulnerability is tracked as CVE-2021-37973 and is Chrome's eleventh zero-day exploit discovered this year. The zero-day classification means that attackers could have exploited this vulnerability before Google released a fix, which makes it far more dangerous than other vulnerabilities. If your Chrome version is 94.0.4606.61 or newer, you are protected from this vulnerability.
To protect its 2.65 billion users and buy them time to upgrade to the latest version including the fix, Google is not disclosing much about the zero-day vulnerability. The company revealed it has a "High" threat ranking and that it was reported on September 21 by Google TAG employee Clément Lecigne with assistance from Google Project Zero's Sergei Glazunov and Mark Brand.
Forbes reported that this is a Use-After-Free (UAF) vulnerability, a memory-safety bug in which a program (in this case, Chrome) fails to clear a pointer to memory after that memory is freed, so the stale pointer can later be used to reach memory that has already been released. In simpler terms, the vulnerability exploits Chrome's careless handling of memory it has already given back to the system. Ten such High-rated Chrome UAF vulnerabilities were discovered in September alone.
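To make the use-after-free pattern concrete, here is an added C example (not Chrome code, and not from the article) that places the defective pattern beside the hardened one. The `session_t`/`owner_t` types are hypothetical stand-ins for any heap-allocated object that another structure keeps a pointer to; the fix shown is the one the article alludes to, clearing the pointer when the memory is freed and checking it before every use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap object; constructed for this example only. */
typedef struct {
    char name[32];
    int  id;
} session_t;

/* Hypothetical owner that keeps a pointer to the object above. */
typedef struct {
    session_t *current;   /* NULL once the session has been released */
} owner_t;

/* Defective pattern: the memory is freed, but the owner's pointer still
 * holds the old address (a dangling pointer). Any later access through
 * owner->current is a use-after-free. Present only for comparison; it is
 * never called below. */
void unsafe_release(owner_t *owner) {
    free(owner->current);
    /* owner->current is left dangling here */
}

/* Hardened pattern: free, then clear the reference so the released
 * object can no longer be reached through this owner. */
void safe_release(owner_t *owner) {
    free(owner->current);
    owner->current = NULL;
}

/* Every use checks the reference first. A released session yields an
 * error code (-1) instead of touching freed memory. */
int session_id(const owner_t *owner) {
    if (owner->current == NULL)
        return -1;
    return owner->current->id;
}

/* Allocates and initialises a session; current is NULL on failure. */
owner_t owner_create(const char *name, int id) {
    owner_t o;
    o.current = calloc(1, sizeof(session_t));
    if (o.current != NULL) {
        strncpy(o.current->name, name, sizeof(o.current->name) - 1);
        o.current->id = id;
    }
    return o;
}

int main(void) {
    owner_t o = owner_create("tab-1", 42);
    printf("before release: id=%d\n", session_id(&o));
    safe_release(&o);
    printf("after release:  id=%d (-1 means released)\n", session_id(&o));
    return 0;
}
```

The important difference is the single line `owner->current = NULL;` combined with the NULL check in `session_id`: with both in place, a logic error that uses the session after release becomes a handled error code rather than a read of freed memory.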
Google has said that it has already issued an update for all Chrome users. In Chrome, navigate to Settings > Help > About Google Chrome and immediately install any pending updates. If the update is not available yet and your Chrome version is lower than 94.0.4606.61, revisit this Settings page frequently. Remember that Chrome must be restarted for updates to take effect.
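Deciding whether an installed build is "lower than 94.0.4606.61" needs a numeric, field-by-field comparison; a plain string compare gets it wrong (for example, "94.0.4606.9" sorts after "94.0.4606.61" as text but is older). The following added C example, written for this article and not Google's tooling, parses Chrome's four-part version string and reports whether the fix from the article is present. The only page-supplied value is the fixed version 94.0.4606.61; the function names are my own.

```c
#include <stdio.h>

#define VERSION_PARTS 4

/* Version that carries the fix, as stated in the article. */
static const char *CHROME_FIXED_VERSION = "94.0.4606.61";

/* Parses "major.minor.build.patch" into four integers.
 * Returns 1 on success, 0 if the string is not a four-part version. */
int parse_version(const char *s, int out[VERSION_PARTS]) {
    int consumed = 0;
    int n = sscanf(s, "%d.%d.%d.%d%n", &out[0], &out[1], &out[2], &out[3],
                   &consumed);
    if (n != VERSION_PARTS)
        return 0;
    /* Reject trailing junk such as "94.0.4606.61abc". */
    return s[consumed] == '\0';
}

/* Compares two version strings numerically, field by field.
 * Returns <0 if a is older, 0 if equal, >0 if a is newer. */
int compare_versions(const int a[VERSION_PARTS], const int b[VERSION_PARTS]) {
    for (int i = 0; i < VERSION_PARTS; i++) {
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    }
    return 0;
}

/* Returns 1 if the installed version is at or above the fixed version,
 * 0 if it is older, and -1 if the string could not be parsed. */
int chrome_is_fixed(const char *installed) {
    int have[VERSION_PARTS], need[VERSION_PARTS];
    if (!parse_version(installed, have) ||
        !parse_version(CHROME_FIXED_VERSION, need))
        return -1;
    return compare_versions(have, need) >= 0 ? 1 : 0;
}

int main(void) {
    /* Constructed sample inputs, not real inventory data. */
    const char *samples[] = { "94.0.4606.61", "94.0.4606.54",
                              "94.0.4606.9", "95.0.4638.54", "not-a-version" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int r = chrome_is_fixed(samples[i]);
        printf("%-14s -> %s\n", samples[i],
               r == 1 ? "fixed" : r == 0 ? "UPDATE NEEDED" : "unparsable");
    }
    return 0;
}
```

The same check is what an endpoint inventory script would run across a fleet: anything reporting 0 is a browser that still needs the update and a restart.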