Page Loader
Home / News / Technology News / New Google Chrome vulnerability puts 2.65 billion users at risk
New Google Chrome vulnerability puts 2.65 billion users at risk
Researchers find this year’s eleventh zero-day vulnerability in Google Chrome

New Google Chrome vulnerability puts 2.65 billion users at risk

By Chandraveer Mathur
Sep 26, 2021
01:39 pm
What's the story

Google has recently revealed it found this year's 11th zero-day exploit for the Chrome browser. The issue is said to affect Windows, Linux, and macOS users and Google confirmed that it is aware of bad actors possibly exploiting this vulnerability in the wild. Google has not said much, but a fix has already been released and is in the delivery pipeline for all users.

What’s zero-day

Hackers could have exploited vulnerability before Google developed a fix

In a new blog post, Google revealed that the newly-discovered vulnerability bears unique identifier code CVE-2021-37973, which is Chrome's eleventh zero-day exploit discovered this year. Zero-day classification means that hackers could have exploited this vulnerability before Google released a fix, making it far more dangerous than other vulnerabilities. If your Chrome version is 94.0.4606.61 or newer, you are protected from this vulnerability.

All hush-hush

Discovery of vulnerability credited to Google TAG employee

To protect its 2.65 billion users and buy them time to upgrade to the latest version including the fix, Google is not disclosing much about the zero-day vulnerability. The company revealed it has a "High" threat ranking and that it was reported on September 21 by Google TAG employee Clément Lecigne with assistance from Google Project Zero's Sergei Glazunov and Mark Brand.

Details

Ten high-rated Chrome UAF vulnerabilities were discovered in September

Forbes reported that this is a Use-After-Free (UAF) vulnerability, a memory exploit characterized by when a program (in this case, Chrome) fails to clear the pointer to the memory after it is freed. In simpler terms, the vulnerability exploits the shoddy job Chrome does when it unloads itself from the computer's RAM. Ten such High-rated Chrome UAF vulnerabilities were discovered in September alone.

Plugging loopholes

Update for all Chrome users has already been issued

Google has said that it has already issued an update for all Chrome users. On Chrome, navigate to Settings > Help > About Google Chrome and immediately install any pending updates. If the update is not available yet and your Chrome version is lower than 94.0.4606.61, revisit this Settings page frequently. Remember that Chrome must be restarted for updates to take effect.