Google has released an emergency update for the Chrome browser that addresses three vulnerabilities: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google experts consider one of the vulnerabilities critical and the other two highly dangerous. What’s worse: according to Google, cybercriminals have already exploited two of these three vulnerabilities. Therefore, Google advises all Chrome users to immediately update the browser to version.

Why these vulnerabilities in Google Chrome are dangerous

CVE-2021-37974 and CVE-2021-37975 are use-after-free (UAF) class vulnerabilities - they exploit incorrect use of heap memory and, as a result, can lead to arbitrary code execution on the targeted computer. These vulnerabilities are also relevant to other browsers based on the Chromium engine - for instance, Microsoft recommends updating Edge to version 94.0.992.38.

The first one, CVE-2021-37974, is related to the Safe Browsing component, a Google Chrome subsystem that warns users about unsafe websites and downloads. The CVSS v3.1 severity rating for this vulnerability is 7.7 out of 10. The second vulnerability, CVE-2021-37975, was found in Chrome’s V8 JavaScript engine. This one is considered the most dangerous of all three - 8.4 on the CVSS v3.1 scale, which makes it a ‘critical’ risk vulnerability. Unknown malefactors are already using this vulnerability in their attacks on Chrome users.
Google is following in the footsteps of Mozilla and is moving the Chrome browser to a four-week release cycle, thus promising to ship major updates at a faster pace than before.

At this point, Google Chrome receives a major update every 6 weeks, but the company says that it has managed to shorten the release cycle, thus allowing users to get new features much faster. So starting with Chrome 94, which is due to go live in the third quarter of this year, Google would begin rolling out major browser updates every four weeks on all supported platforms.

Google says it’s also adding an Extended Stable version of Google Chrome that would be updated every 8 weeks, all with the purpose of making it easier for IT admins to update the browser running on devices in their networks.

“We will add a new Extended Stable option, with milestone updates every 8 weeks. Extended Stable will be available to enterprise administrators and Chromium embedders who need additional time to manage updates. Security updates on Extended Stable will be released every two weeks to fix important issues, but those updates won’t contain new features or all security fixes that the 4 week option will receive,” Google explains in an announcement this week.

Google Chrome is currently the world’s number one browser, with third-party statistics indicating it’s already running on some 70 percent of the PCs out there. In other words, 7 in 10 PCs are currently running Google Chrome, despite originally coming with another browser (Microsoft Edge on Windows and Safari on macOS), so the accelerated release pace is likely to be good news for quite a lot of users.

Chrome OS users, on the other hand, will benefit from support for multiple stable release options, but Google says additional information in this regard would be shared at a later time.