You might want to update your Google Chrome web browser right away. Google recently issued a critical security update for Chrome, patching up 11 security issues, including two zero-day vulnerabilities that were exploited in the wild.
Released on September 13, Google first listed the patched vulnerabilities on the Chrome Releases blog. Full details are being withheld for security reasons, as Google wants a majority of users to update first.
A lot of the issues cover core areas of Chrome, including WebGL, as well as the JavaScript V8 engine. Updating now ensures that you’re protected and won’t be vulnerable to hackers and other methods of attacks from cybercriminals.
This browser update is rolling out to Windows, Mac, and Linux, bumping Chrome up to version 93.0.4577.82. Note that other Chromium-based browsers like Microsoft Edge could also be vulnerable to these issues, so it’s best to check if you can update those browsers as well.
To update Google Chrome, hit the three downward-facing dots at the top-right corner of your screen. Then select Help followed by About Google Chrome. The browser should then automatically begin the process of downloading the latest updates. You’ll need to click the Relaunch button to restart Chrome and apply the update.
According to Google, two vulnerabilities — CVE-2021-30632 and CVE-2021-30633 — were actively exploited. Specifics weren’t available, but these cover the Javascript v8 Engine and a bug in the DB API. Google also thanked the security researchers who discovered these issues.
Researchers will typically be awarded a “bounty” for disclosing software vulnerabilities to technology giants, thus preventing them from being used in the wild by hackers. Some of these bounties are listed, while others are nondisclosed or to be determined.
This isn’t the first zero-day exploit that has been discovered in Chrome, either. The Hacker News reports that with the help of the community, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of 2021.
On August 21, Google patched nine security flaws in the web browser. These were similar issues: Type confusion in V8, use after free in printing, and use after free in Extensions API.