Google released late this Thursday afternoon (30) an emergency update for two critical zero-day (or zero day, those that were previously unknown) that can be used as loopholes for cyber attacks and have already been exploited by invaders. The update is for desktop version 94.0460671 for Windows, Mac and Linux.

According to the company, there are four corrections, two of which are critical for being zero-day. The first vulnerability, coded as CVE-2021-37976, is described as an “information leak to the core” of medium security severity level. It was discovered by Google TAG researcher Clément Lecigne, with technical assistance from Sergei Glazunov and Mark Brand of Google Project Zero, on September 21st.

2 more in-the-wild 0days fixed by Chrome:

* CVE-2021-37975 use-after-free in V8 by anonymous

* CVE-2021-37976 info leak in core by @_clem1 #itw0days The release cycle that Chrome is making happen in order to get these patches out is pretty impressivehttps://t.co/j1xPY4zjlP — Maddie Stone (@maddiestone) September 30, 2021

Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!

The second, tracked as CVE-2021-37975, is considered to be of high severity due to an issue in the V8 JavaScript software engine. The researcher who disclosed this vulnerability, on September 24, preferred to remain anonymous.

Update now!

Chrome’s official blog says that stable updates with wide distribution should happen “in the next few days or weeks” automatically. But it is already possible to update manually, restarting the browser. Go to the menu with three dots in the upper right corner and go to “Help”.

Then click on “About Google Chrome”. The software itself will fetch the update 94.0.4606.71 and ask you to restart your browser. If the version for this update is not yet available, please try again later and verify that it is downloaded and executed.

Source: Google