As noted by the tech giant, the update may take some time until it reaches all users. However, the patch is already being distributed worldwide in the stable desktop browser channel.
Attackers typically exploit these vulnerabilities to execute arbitrary code on computer systems or to exit the browser sandbox. Google found evidence of real attacks exploiting the vulnerability but did not provide additional information on the incidents.
Security Issue Fix
- Critical Risk CVE-2021-4098: Insufficient Data Validation in Mojo;
- High Risk CVE-2021-4099: Swiftshader After Freeing Data Exploitation Vulnerability;
- High risk CVE-2021-4100: object life cycle error in ANGLE;
- High Risk CVE-2021-4101: Heap Buffer Overflow Vulnerability in Swiftshader;
With this security updates, it is the sixteenth zero-day vulnerability in Chome, identified in 2021. The rest of the vulnerabilities were fixed in the following order:
- CVE-2021-21148 - February 4
- CVE-2021-21166 - March 2
- CVE-2021-21193 - March 12
- CVE-2021-21220 - April 13
- CVE-2021-21224 - April 20
- CVE-2021-30551 - June 9
- CVE-2021-30554 - June 17
- CVE-2021-30563 - July 15
- CVE-2021-30632 and CVE-2021-30633 - September 13th.
- CVE-2021-37973 - September 24
- CVE-2021-37975 and CVE-2021-37976 - September 30th.
- CVE-2021-38000 and CVE-2021-38003 - October 28