Google fixes 15th and 16th Chrome zero-day this year
Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.
The updates are part of Chrome version 95.0.4638.69, which is now available via the browser's built-in update mechanism.
The two zero-days are CVE-2021-38000 and CVE-2021-38003, and are the 15th and 16th zero-days that Google has patched this year—the most Google has patched in Chrome in any single calendar year since the browser's first release in 2008.
- CVE-2021-21148 – Chrome 88.0.4324.150, on February 4, 2021.
- CVE-2021-21166 – Chrome 89.0.4389.72, on March 2, 2021.
- CVE-2021-21193 – Chrome 89.0.4389.90, on March 12, 2021.
- CVE-2021-21206 – Chrome 89.0.4389.128, on April 13, 2021.
- CVE-2021-21220 – Chrome 89.0.4389.128, on April 13, 2021.
- CVE-2021-21224 – Chrome 90.0.4430.85, on April 20, 2021.
- CVE-2021-30551 – Chrome 91.0.4472.101, on June 9, 2021.
- CVE-2021-30554 – Chrome 91.0.4472.114, on June 17, 2021.
- CVE-2021-30563 – Chrome 91.0.4472.164, on July 15, 2021.
- CVE-2021-30632 – Chrome 93.0.4577.82, on September 13, 2021.
- CVE-2021-30633 – Chrome 93.0.4577.82, on September 13, 2021.
- CVE-2021-37973 – Chrome 94.0.4606.61, on September 24, 2021.
- CVE-2021-37975 – Chrome 94.0.4606.71, on September 30, 2021.
- CVE-2021-37976 – Chrome 94.0.4606.71, on September 30, 2021.
As is standard policy, Google has not shared any details about today's patches or the attack scenarios in which the two zero-days were used, in order to give users a safe period of time to patch before other threat actors start abusing today's fixes.
Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.