Google released a patch for 5 vulnerabilities found in Chrome. One of the vulnerabilities was being exploited in the wild, and it was altogether the 17th vulnerability found this year in Chrome.
Labeled CVE-2021-4102, the flaw concerns a use-after-free bug in the V8 JavaScript and WebAssembly engine. The impact of the flaw could be severe, ranging from data corruption to remote execution of arbitrary code. The researcher who discovered the flaw wished to remain anonymous.
As it stands, it’s not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, “it’s aware of reports that an exploit for CVE-2021-4102 exists in the wild.” The brevity is an attempt to ensure that a majority of users are updated with a fix and to prevent further exploitation by other threat actors.
The present vulnerability is the second within three months to be fixed by the company. Both fixes were made after the company received reports of active exploitation. The earlier vulnerability, CVE-2021-37975, was also reported by an anonymous researcher. It’s difficult to say whether the two vulnerabilities were linked.
Chrome users are recommended to update to the latest version (96.0.4664.110) for Windows, Mac, and Linux by heading to Settings > Help > ‘About Google Chrome’ to mitigate any potential risk of active exploitation.
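For teams that need to confirm the update across many machines, the following added example (not from Google or the original article) classifies reported Chrome versions against the fixed build 96.0.4664.110. The host names and inventory lines are constructed, and the check assumes any build at or above the fixed version carries the patch.

```python
import re

# Fixed build named in the article for Windows, Mac, and Linux.
FIXED_VERSION = "96.0.4664.110"

# Chrome versions have four dot-separated numeric components.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract a four-part version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(reported, fixed=FIXED_VERSION):
    """Return 'patched', 'needs-update', or 'unknown' for one report."""
    version = parse_chrome_version(reported)
    if version is None:
        return "unknown"  # no parseable version: investigate the host
    # Integer tuples compare component by component. Comparing the raw
    # strings would rank "96.0.4664.93" above "96.0.4664.110".
    if version >= parse_chrome_version(fixed):
        return "patched"
    return "needs-update"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collected output).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 96.0.4664.110",
    "ws-002": "Google Chrome 96.0.4664.93",
    "ws-003": "Google Chrome 95.0.4638.69",
    "ws-004": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand.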