On 13 September 2021, Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix 11 security vulnerabilities. We recommend updating to the latest version of Chrome as soon as possible.
Details
- The latest Chrome version fixes two high-severity vulnerabilities being leveraged by threat actors.
- One flaw, tracked as CVE-2021-30632, causes a boundary error when processing untrusted HTML content in V8.
- V8 is an open-source JavaScript engine developed by the Chromium Project for Google Chrome and other Chromium-based web browsers, including Brave, Opera, Vivaldi and Microsoft Edge. V8 is also integrated into various independent projects; among them are Couchbase database server, Node.js runtime environment, and Electron desktop application framework. This flaw was also fixed in Microsoft Edge. Other V8-based browsers may be vulnerable.
- The second issue, tracked as CVE-2021-30633, is a memory corruption bug that exists due to a use-after-free (UAF) error within the Indexed DB API component in Google Chrome.
- Successful exploitation of these flaws requires a user running unpatched Chrome versions to visit a web page specially crafted by a threat actor. This would enable the actor to trigger remote code execution, denial of service or security restriction bypass on a vulnerable system.
- The new version has started rolling out worldwide and will become available to all users over the next few days.
Recommendations
- Windows, Mac, and Linux desktop users can manually upgrade to the latest Chrome version by going to Settings -> Help -> About Google Chrome.
- The Google Chrome web browser will then automatically check for the new update and install it if available.
- We recommend notifying users of this risk and requesting that they restart their browser to ensure the needed security patches are applied.
- If software is managed centrally within your organization, we recommend updating this software as soon as possible.
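For centrally managed fleets, the update and restart recommendations above can be checked against an inventory export. The following is an added example, not part of the original advisory: the CSV layout, host names and status labels are assumptions, and the sample rows are constructed. It compares the version on disk and the version of the running process against the fixed release 93.0.4577.82.

```python
import csv
import io
import re

FIXED = (93, 0, 4577, 82)  # fixed release named in this advisory

# Constructed inventory: version on disk vs. version of the running process.
SAMPLE_INVENTORY = """host,installed,running
ws-001,Google Chrome 93.0.4577.82,Google Chrome 93.0.4577.82
ws-002,Google Chrome 93.0.4577.82,Google Chrome 93.0.4577.63
ws-003,Google Chrome 92.0.4515.159,Google Chrome 92.0.4515.159
ws-004,Google Chrome 94.0.4606.54,
ws-005,chrome: command not found,
"""

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(installed, running):
    """Map one host's versions to the action the advisory calls for."""
    inst = parse_version(installed)
    run = parse_version(running)
    if inst is None:
        return "unknown"            # no usable data, check by hand
    if inst < FIXED:                # numeric tuple compare, not string compare
        return "update_needed"      # binary on disk predates the fix
    if run is not None and run < FIXED:
        return "restart_needed"     # patched on disk, old process still running
    return "patched"


def audit(inventory_csv):
    """Return {host: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["installed"], r["running"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `restart_needed` have the update installed but are still running the old build, which is the case the restart recommendation addresses.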