According to researchers at Kaspersky, the Google Chrome browser has three vulnerabilities, namely: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google has released an emergency update to address these three vulnerabilities.
According to Google security experts, one of the vulnerabilities is critical while the other two are highly dangerous. In a blog post, Google said bad actors have exploited two of the three vulnerabilities. These vulnerabilities also affect other browsers based on the Chromium engine; for example, Microsoft recommends updating Edge to version 94.0.992.38.
Are the Vulnerabilities in Google Chrome Dangerous?
CVE-2021-37974 and CVE-2021-37975 are use-after-free (UAF) class vulnerabilities. They involve incorrect use of heap memory and can result in arbitrary code execution on the targeted computer.
CVE-2021-37974 is related to the Safe Browsing component, a Google Chrome subsystem that warns users about unsafe websites and downloads. It has been given a CVSS v3.1 severity rating of 7.7 out of 10.
CVE-2021-37976, the third vulnerability, is a data overexposure issue in the core of Google Chrome. It is rated 7.2 on the CVSS v3.1 scale and is slightly less dangerous. Bad actors are already using it to carry out cyberattacks on Chrome users.
How do Bad Actors exploit these vulnerabilities?
Bad actors create a malicious web page with embedded exploits and lure the victims to it. Using the exploits, the attackers are able to execute arbitrary code on the computers of users who open the page in an unpatched version of Chrome. This enables them to compromise the victim's system, while the CVE-2021-37976 vulnerability makes it possible for the bad actors to gain access to the victim’s confidential information.
Google will release more details about the vulnerabilities once all users update their browsers. To be safe, it is better for all users to update their browser ASAP.
How to update your Google Chrome Browser?
Generally, the update is installed automatically when the browser is restarted. However, if you have not used your computer for a long while, the browser may remain vulnerable for several days or even weeks. In that case, you can check which version of Chrome you are running.
How to check Google Chrome Browser Version?
- Click on the Customise and Control Google Chrome button at the top-right corner of the browser window
- Choose Help -> About Google Chrome.
If your browser version is not the latest available, Chrome will automatically start the update. You can also install security solutions on your devices with internet access.
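For administrators who need to run this version check across many machines, here is an added example (not part of the original article) that flags Edge installs older than the 94.0.992.38 build mentioned above. The inventory format, host names and sample versions are constructed, and no Chrome threshold is set because the article does not state the patched Chrome version.

```python
import re

# Only the Edge build is stated in the article. The Chrome entry is left
# unset (None) because the article gives no patched Chrome version.
MIN_PATCHED = {"edge": "94.0.992.38", "chrome": None}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Turn '94.0.992.38' into (94, 0, 992, 38); return None if malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def audit(inventory_lines):
    """Return (host, browser, version, status) for each well-formed line."""
    results = []
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        host, browser, version = fields
        installed = parse_version(version)
        minimum = MIN_PATCHED.get(browser.lower())
        if installed is None:
            status = "bad-version"        # cannot be compared, needs a manual look
        elif minimum is None:
            status = "unknown-threshold"  # no patched build known for this browser
        elif installed < parse_version(minimum):
            status = "outdated"           # numeric, field-by-field comparison
        else:
            status = "ok"
        results.append((host, browser, version, status))
    return results

# Constructed sample inventory in an assumed "<host> <browser> <version>" format.
SAMPLE = [
    "ws-01 edge 94.0.992.38",
    "ws-02 edge 94.0.992.9",   # numerically older, although "9" > "38" as text
    "ws-03 edge 93.0.961.52",
    "ws-04 chrome 94.0.0.0",   # constructed version; no threshold on the page
    "ws-05 edge unknown",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Comparing the version fields as integers matters here: a plain string comparison would rank 94.0.992.9 above 94.0.992.38 and miss an unpatched host.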