It has been a tough month for Google Chrome, with two vulnerabilities already spotted in the wild earlier in September. With these two latest flaws, the number of zero days found on Chrome this year has reached 12. The fix for these vulnerabilities is part of a wider security patch – Chrome 94.0.4606.71 – which is available on the stable channel and tackles four security issues in total. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” the company confirms. However, Google is not offering details on the vulnerabilities. This is the same approach the company took to the pair of zero-days from earlier in September.
Updates
Google explains it is not sharing technical details until enough users have installed the patch. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company points out. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” The two flaws are labelled as CVE-2021-37976 and CVE-2021-37975. The first has a medium severity level and was found by Clément Lecigne from Google’s Threat Analysis Group (TAG) and reported on September 21. As for the second flaw, it is a bug in the V8 JavaScript engine found on September 26 by an anonymous researcher. Tip of the day: If you need to create an ad-hoc network, you can do it on Windows 10. In our tutorial we show you how to easily create a shareable wireless internet connection in Windows 10 as a free WIFI hotspot.