[TheRecord] Google fixes 15th and 16th Chrome zero-day this year

Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.

The updates are part of Chrome version 95.0.4638.69, which is now available via the browser’s built-in update mechanism.

The two zero-days are CVE-2021-38000 and CVE-2021-38003, and are the 15th and 16th zero-days that Google has patched this year—the most Google has patched in Chrome in any single calendar year since the browser’s first release in 2008.

CVE-2021-21148 – Chrome 88.0.4324.150, on February 4, 2021.
CVE-2021-21166 – Chrome 89.0.4389.72, on March 2, 2021.
CVE-2021-21193 – Chrome 89.0.4389.90, on March 12, 2021.
CVE-2021-21206 – Chrome 89.0.4389.128, on April 13, 2021.
CVE-2021-21220 – Chrome 89.0.4389.128, on April 13, 2021.
CVE-2021-21224 – Chrome 90.0.4430.85, on April 20, 2021.
CVE-2021-30551 – Chrome 91.0.4472.101, on June 9, 2021.
CVE-2021-30554 – Chrome 91.0.4472.114, on June 17, 2021.
CVE-2021-30563 – Chrome 91.0.4472.164, on July 15, 2021.
CVE-2021-30632 – Chrome 93.0.4577.82, on September 13, 2021.
CVE-2021-30633 – Chrome 93.0.4577.82, on September 13, 2021.
CVE-2021-37973 – Chrome 94.0.4606.61, on September 24, 2021.
CVE-2021-37975 – Chrome 94.0.4606.71, on September 30, 2021.
CVE-2021-37976 – Chrome 94.0.4606.71, on September 30, 2021.

As is its standard policy, Google has not shared any details about today’s patches or the attack scenarios in which the two zero-days were used—in order to give users a safe period of time to patch before other threat actors start abusing today’s fixes.

The post Google fixes 15th and 16th Chrome zero-day this year appeared first on The Record by Recorded Future.
