Google actively closes exploited vulnerabilities in Chrome for the third time in a month

Google has released a security update for Chrome that fixes two actively exploited vulnerabilities. Google does not provide details yet, in addition to the use after free and information leak in core leaks.

The update fixes four vulnerabilities, two of which have been exploited in practice. These are CVE-2021-37975 and -37976 that were actively exploited. The former enabled use after free in Chrome’s JavaScript engine V8 and was discovered by an anonymous researcher. The second vulnerability was discovered by Google researchers. Both vulnerabilities were communicated to Google at the end of September.

The third leak, which to Google’s knowledge has not yet been actively exploited, concerned a use after free vulnerability in Safe Browsing. This vulnerability was discovered by a researcher from the Qi’anxin Group. Nothing is yet being shared about the fourth vulnerability.

Only after a large number of users have installed the 94.0.4606.71 update, Google will share more about the vulnerabilities. It is the third security update in a month that actively closes exploited vulnerabilities. With the update, the thirteenth actively abused leak of 2021 has therefore also been closed.