Google has released a security update for its Chrome browser. This update fixes five vulnerabilities, including a use-after-free vulnerability in Chrome's V8 engine that is being actively exploited.
The vulnerabilities are fixed in Chrome version 96.0.4664.110 for desktop, which will be rolling out for Windows, macOS, and Linux “in the coming days or weeks.” The update will be released in the Stable and Extended Stable channels. Tweakers can install the update directly in Chrome’s settings, under “Help” and “About Google Chrome”.
The fixed vulnerability is identified as CVE-2021-4102. The CVE page is currently reserved and there are no specific details online yet. Google mentions in the patch that it’s a bug in the Chrome V8 engine, which was reported to Google on Thursday, December 9. It’s the 16th Chrome vulnerability that Google has fixed this year.
CVE-2021-4102, according to Google, is a use-after-free vulnerability. In such a bug, dynamic memory is incorrectly used after it has been freed. This can lead to data corruption and may also allow arbitrary code to run. Google does not publish any further details, but reports a “high” risk level, without further explanation. The company says it will withhold details about the bugs until most users have installed the update. The company writes that it is aware that the exploit “is out in the wild.”
Google is also fixing four other vulnerabilities in the new Chrome update, including CVE-2021-4098. This is an “insufficient data validation” error in Mojo, which is rated as a “critical” risk. The bug was reported by a Google Project Zero employee on October 26. Few concrete details are known about this bug either. Moreover, the update fixes another use-after-free and a heap buffer overflow in SwiftShader, as well as an object lifecycle issue in ANGLE.