Google fixes 15th and 16th Chrome zero-day this year
Catalin Cimpanu October 29, 2021

Google fixes 15th and 16th Chrome zero-day this year

Google fixes 15th and 16th Chrome zero-day this year

Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.

The updates are part of Chrome version 95.0.4638.69, which is now available via the browser’s built-in udpate mechanism.

The two zero-days are CVE-2021-38000 and CVE-2021-38003, and are the 15th and 16th zero-days that Google has patched this year—the most Google has patched in Chrome in any single calendar year since the browser’s first release in 2008.

As it’s standard policy, Google has not shared any details about today’s patches or the attack scenarios in which the two zero-days were used—in order to give users a safe period of time to patch before other threat actors start abusing today’s fixes.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.