Update Chrome: A dangerous zero-day vulnerability discovered (and fixed)

Google has acknowledged a serious zero-day vulnerability in its Chrome browser and confirmed that the weakness has already been exploited, although it has not disclosed exactly how or to what extent.

Along with news of the problem, however, the Mountain View giant has also provided the solution, releasing version 96.0.4664.110 of Chrome for Windows, Mac and Linux on the stable channel. If you have not yet done so, update Chrome as soon as possible to protect yourself.

Going back to the problem recognized by Google, namely the CVE-2021-4102 vulnerability, we know that this is a use-after-free error in Chrome's V8 JavaScript engine, that is, a bug involving access to memory even after it has been freed.

The update, which as mentioned fixes the flaw, contains five security-related fixes. Below you will find those contributed by external researchers, which Google has chosen to highlight (for more information you can consult the link in SOURCE).

  • [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
  • [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
  • [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
  • [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
  • [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

Leaving the more technical part aside, the practical side, which concerns all users, requires only elementary steps. First of all, note that the Chrome update is being rolled out gradually and therefore may not yet be available to all users, but coverage increases as the hours pass.

To check whether your Google Chrome is already updated to version 96.0.4664.110 and, if it is not, whether the update is available, the procedure is very simple.

Simply click on the three vertically arranged dots at the top right, then select Help and finally About Google Chrome.
