Update Google Chrome now to fix these flaws being attacked by hackers

Update Google Chrome now to set up these flaws being attacked past hackers

(Image credit: Future)

Stop usa if you've heard this one before: Google has patched Chrome on the desktop to fix 2 "zero-day" flaws being already actively exploited past hackers in the wild, too as two other vulnerabilities. You lot'll need to update Chrome too as any related browsers y'all accept to stay prophylactic.

To update Chrome to the latest version, 94.0.4606.71, on Windows or Mac, it's frequently enough to only close and relaunch the browser. Otherwise, click the three vertical dots in the upper right of the browser window, scroll down to Help and click on About Google Chrome in the fly-out bill of fare.

Your Apple Pay payments can be stolen over the air — here's what to do
The all-time Windows 10 antivirus software
Plus: Google Pixel six and Pixel 6 Pro prices just tipped — and it's adept news

That volition spark upward a new tab that will check to encounter if you have the latest version. If not, Chrome will download it for you and prompt y'all to relaunch.

On Linux, you'll often have to wait for your distribution's adjacent parcel of updates. As for other browser based on the aforementioned open-source Chromium underpinning, neither Microsoft Edge, Opera, Brave nor Vivaldi had updated to 94.0.4606.71 or its equivalent at the time of this writing.

What nosotros know about these flaws

Every bit usual, the Chrome team isn't maxim who is exploiting these vulnerabilities confronting whom, only that Google is "aware" that exploits for the ii zero-day flaws "exist in the wild." (The adjective refers to the fact that defenders have nothing days to ready before the exploits are used — in other words, the bad guys knew nigh them first.)

The first nothing-day flaw, catalogued as CVE-2021-37975, involves a "use later on free" bug in V8, Chrome's JavaScript parser. That means another awarding, potentially a malicious 1, could seize space on your computer's memory chips immediately later V8 is done using it, getting a toehold in your system processes before the OS has a chance to reallocate that chunk of retentivity.

Discovery of the flaw was attributed to an anonymous researcher.

The 2nd nada-day, CVE-2021-37976, involved an "information leak in core." We're not quite certain what that refers to as "core" can hateful a dozen unlike things. This flaw appears to be less serious than the other ane, and its discovery is credited to Clément Lecigne of Google's Threat Analysis Group, with assists from Sergei Glazunov and Marker Brand of the Google Project Zero team.

A third flaw fixed with this update isn't a naught-day, only besides involves a use-afterward-free bug, this time ironically in Chrome'due south Safe Browsing feature. Google isn't disclosing the fourth flaw even so.

This are the 47th and 48th nada-day flaws found in Chrome this yr, according to an online spreadsheet that'due south tracking such things. A single zero-day was patched in Chrome just final week.

Chrome update timeline

Here's a timeline of the final three months of Chrome desktop stable-channel updates.

Sept. 30: 94.0.4606.71
Sept. 24: 94.0.4606.61
Sept. 21: 94.0.4606.54
Sept. thirteen: 93.0.4577.82
Aug. 31: 93.0.4577.63
Aug. xvi: 92.0.4515.159
Aug. 2: 92.0.4515.131
July 20: 92.0.4515.107
July 15: 91.0.4472.164

Read next: The best internet security suites

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-booty driver, lawmaking monkey and video editor. He'south been rooting around in the information-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even chastened a panel give-and-take at the CEDIA habitation-technology conference. You tin can follow his rants on Twitter at @snd_wagenseil.