Monday, February 10, 2025
HomeChromeEmergency Chrome Update Released to Patch Actively Exploited Zero-Day Bug

Emergency Chrome Update Released to Patch Actively Exploited Zero-Day Bug

Published on

SIEM as a Service

Follow Us on Google News

Google has announced an emergency update for Chrome (94.0.4606.61), and in this update, it has addressed Chrome’s 11th ‘zero days’ exploit of the year. 

In this emergency update, Google has tracked the zero-day vulnerability as CVE-2021-37973 with High severity and this zero-day vulnerability attacks the users of the following platforms:-

  • Linux
  • macOS
  • Windows

This vulnerability was being used after free in Portals API, and there is a web page navigation system in this vulnerability, that allows a page to display another page as an inset.

Not only this but it also performs a seamless transition to a new state, and in that its formerly-inset pages convert into the top-level document. After knowing about the vulnerability, the Chrome-introduced some update that has been spreading all over the world to Stable desktop channel.

Eleventh zero-day

Google has announced this emergency update after detecting the vulnerability “CVE-2021-37973,” and they have also patched this 11th zero-day vulnerability in the Chrome web browser.

Here’s the list of all zero-day vulnerabilities detected this year:-

  • CVE-2021-21148 – February 4th, 2021
  • CVE-2021-21166 – March 2nd, 2021
  • CVE-2021-21193 – March 12th, 2021
  • CVE-2021-21220 – April 13th, 2021
  • CVE-2021-21224 – April 20th, 2021
  • CVE-2021-30551 – June 9th, 2021 
  • CVE-2021-30554 – June 17th, 2021
  • CVE-2021-30563 – July 15th, 2021
  • CVE-2021-30632 – September 13th, 2021
  • CVE-2021-30633 – September 13th, 2021

No key Details were Unveiled regarding Ongoing Attacks

Moreover, Clément Lecigne from Google TAG, with the help of Sergei Glazunov and Mark Brand from Google Project Zero has stated that the zero-day security flaw that has been fixed now was initially published the day when the first Google Chrome 94 stable was released. 

After investigating the whole attack, they claimed that the exploitation of this vulnerability allows the threat actors to implement arbitrary code on computers running unpatched Chrome versions.

However, Google has gone through the details carefully, and they conclude that the vulnerability has been discovered in the wild attacks exploiting CVE-2021-37973.

But they have not yet unveiled any key details of this attack or any steps that were used by the threat actors. 

While the threat actors are attacking Chrome, since it is used by nearly 2.65 billion users all over the world, and many users are connected through it, which makes it is a huge lucrative target for the threat actors to initiate attacks.

Found this article interesting!! Follow us on LinkedinTwitter,  Facebook for daily Cyber Security News & Updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...

FleshStealer: A new Infostealer Attacking Chrome & Mozilla Users

A newly identified strain of information-stealing malware, FleshStealer, is making headlines in 2025 due...

Chrome Security Update – Patch for 3 High-Severity Vulnerabilities

Google has released a critical update for the Chrome browser, addressing three high-severity security...