Google has acknowledged a severe zero-day vulnerability in its Chrome browser and confirmed that the flaw has already been exploited, although it has not disclosed exactly how or to what extent. Along with news of the problem, however, the Mountain View giant also provided the fix, releasing Chrome version 96.0.4664.110 for Windows, Mac and Linux on the stable channel. If you haven't already, update Chrome as soon as possible to protect yourself.
As for the problem Google acknowledged, namely the CVE-2021-4102 vulnerability, we know that it is a use-after-free error in Chrome's V8 JavaScript engine. More specifically, this kind of error involves a pointer that still refers to memory after that memory has been freed.
The update, which as mentioned fixes the flaw, contains five security-related fixes. Below are those contributed by external researchers, which Google has chosen to highlight (for more information, see the link in SOURCE).
- [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
- [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
- [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
- [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
- [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09
Leaving the technical details aside, the practical part, which concerns all users, requires only a few elementary steps. First of all, note that the Chrome update is being rolled out gradually and may therefore not yet be available to all users, but coverage will clearly increase as the hours pass.
Checking whether your Google Chrome is already updated to version 96.0.4664.110 and, if it is not, whether the update is available is very simple.
Just click the three vertically arranged dots at the top right, then select “Help” and finally “About Google Chrome”.
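For checking many machines rather than one, the same version check can be scripted. The following is an added example, not part of the original article: it assumes each host reports a version string such as the output of `google-chrome --version` on Linux (host names and sample versions are constructed), and it compares builds numerically, because a plain string comparison would wrongly rank 96.0.4664.93 above 96.0.4664.110.

```python
import re

# Fixed build named in the article; all other values below are constructed.
FIXED = (96, 0, 4664, 110)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 96.0.4664.110'; return None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True if the reported build is older than the fixed build.
    Unparseable input counts as needing attention (fail closed)."""
    version = parse_version(text)
    return version is None or version < fixed


def audit(inventory):
    """Return the sorted host names whose reported build is below FIXED."""
    return sorted(h for h, s in inventory.items() if needs_update(s))


# Constructed inventory: host name -> reported version string.
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.110",
    "ws-02": "Google Chrome 96.0.4664.93",   # older, yet sorts higher as text
    "ws-03": "Google Chrome 95.0.4638.69 ",
    "ws-04": "Google Chrome 97.0.4692.20 beta",
    "ws-05": "command not found",            # no version reported
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: {SAMPLE[host].strip()} -> update required")
```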