Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.
Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8.
As is typically the case, the company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them.
With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year —
- CVE-2021-21148 - Heap buffer overflow in V8
- CVE-2021-21166 - Object recycle issue in audio
- CVE-2021-21193 - Use-after-free in Blink
- CVE-2021-21206 - Use-after-free in Blink
- CVE-2021-21220 - Insufficient validation of untrusted input in V8 for x86_64
- CVE-2021-21224 - Type confusion in V8
- CVE-2021-30551 - Type confusion in V8
- CVE-2021-30554 - Use-after-free in WebGL
- CVE-2021-30563 - Type confusion in V8
Chrome users are advised to update to the latest version (93.0.4577.82) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaws.