Google releases emergency fixes for high-risk vulnerabilities in Google Chrome
Security experts as well as external researchers have detected key bugs and exploits such as “use after free” bugs and information leaks. The “use after free” flaws have been identified as CVE-2021-37974 and CVE-2021-37975 and are both considered high risk as they may cause data corruption.
The CVE-2021-37974 bug affected safe browsing and was noted on September 1 by Weipeng Jiang who is affiliated with Codesafe Team of Legendsec at Qi’anxin Group. Meanwhile, CVE-2021-37975 was found by an anonymous source on September 24; and this bug appeared in the V8 JavaScript engine.
Moreover, CVE-2021-37976 was designated as a medium-level security flaw and was stated to cause an “information leak in core”. This exploit was characterized by the combined efforts of Clement Lecigne at Google TAG, who was supported by Sergie Galzunov and Mark Brand based at Google Project Zero on September 21.
Google has decided to limit access to the details of these exploits since third party related software and projects may not have been updated with the security fixes. Additionally, these restrictions may be maintained until most users update their Chrome browsers with these fixes.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News translator (DE-EN)
Details here