Google released security updates for the Chrome web browser on Monday to fix a total of 11 security issues, two of which it says are being actively exploited on zero days off.
Follow up as CVE-2021-30632 i CVE-2021-30633, the vulnerabilities refer to an out-of-bounds write in the JavaScript V8 engine and to a use after a free defect in the DB indexed API, respectively, with the Internet giant accredited anonymous researchers for having reported the errors on September 8.
As is often the case, the company said it is “aware that the exploits of CVE-2021-30632 and CVE-2021-30633 exist in the wild” without sharing additional information about how, when and where the vulnerability was exploited or threatens actors who may be mistreating them.
With these two security flaws, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the beginning of the year:
Chrome users are advised to upgrade to the latest version (93.0.4577.82) for Windows, Mac, and Linux by going to Settings> Help> “About Google Chrome” to mitigate the risk associated with the defect.