Google releases emergency fixes for high-risk vulnerabilities in Google Chrome
Security experts as well as external researchers have detected key bugs and exploits such as “use after free” bugs and information leaks. The “use after free” flaws have been identified as CVE-2021-37974 and CVE-2021-37975 and are both considered high risk as they may cause data corruption.
Moreover, CVE-2021-37976 was designated as a medium-level security flaw and was stated to cause an “information leak in core”. This exploit was characterized by the combined efforts of Clement Lecigne at Google TAG, who was supported by Sergie Galzunov and Mark Brand based at Google Project Zero on September 21.
Google has decided to limit access to the details of these exploits since third party related software and projects may not have been updated with the security fixes. Additionally, these restrictions may be maintained until most users update their Chrome browsers with these fixes.