Google recently rolled out an emergency security patch to its Chrome web browser to address a security flaw that’s known to have an exploit in the wild.
Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and “perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document.”
Clément Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it’s “aware that an exploit for CVE-2021-37973 exists in the wild.”
The update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS (CVE-2021-30869), which the TAG noted as being “used in conjunction with an N-day remote code execution targeting WebKit.” With the latest fix, Google has addressed a total of 12 zero-day flaws in Chrome since the start of 2021:
CVE-2021-21148 – Heap buffer overflow in V8
CVE-2021-21166 – Object recycle issue in audio
CVE-2021-21193 – Use-after-free in Blink
CVE-2021-21206 – Use-after-free in Blink
CVE-2021-21220 – Insufficient validation of untrusted input in V8 for x86_64
CVE-2021-21224 – Type confusion in V8
CVE-2021-30551 – Type confusion in V8
CVE-2021-30554 – Use-after-free in WebGL
CVE-2021-30563 – Type confusion in V8
CVE-2021-30632 – Out of bounds write in V8
CVE-2021-30633 – Use after free in Indexed DB API
Chrome users are advised to update to the latest version (94.0.4606.61) for Windows, Mac, and Linux by heading to Settings > Help > ‘About Google Chrome’ to mitigate the risk associated with the flaw. It is unclear at this point if other browsers that are based on Chromium are also affected by the security issue.
Olagoke Ajibola is a creative writer and content producer with an eye for details and excellence. He has a demonstrated history of telling stories for TV, Film and Online. Aside from being fascinated by the power of imagination, his other interest are travel, sport, reading and meeting people.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
