Google fixed the 17th zero-day in Chrome since the start of the year

Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild.

Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild.

The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution of arbitrary code or data corruption.

“Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.” reads the advisory published by Google which did not share additional info regarding these attacks.

The vulnerability was reported by an anonymous researcher on 2021-12-09.

Google has already addressed 17 zero-day vulnerabilities in Chrome this year, below is the full list:

CVE-2021-21148 – February 4th, 2021CVE-2021-21166 – March 2nd, 2021CVE-2021-21193 – March 12th, 2021CVE-2021-21220 – April 13th, 2021CVE-2021-21224 – April 20th, 2021CVE-2021-30551 – June 9th, 2021CVE-2021-30554 – June 17th, 2021CVE-2021-30554 – June 17th, 2021CVE-2021-30563 – July 15th, 2021CVE-2021-30632 & CVE-2021-30633 – Sept 13th, 2021CVE-2021-37973 – Sept 24th, 2021CVE-2021-37975 and CVE-2021-37976 – Oct, 13st, 2021CVE-2021-38000 and CVE-2021-38003 – Oct, 28th 2021Be sure to update your Chrome install to the latest 96.0.4664.110 version for Windows, Mac, and Linux.

The other issues fixed by Google with the latest release are:

[$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26

[$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16

[$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19

[$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair  on 2021-10-21

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

The post Google fixed the 17th zero-day in Chrome since the start of the year appeared first on Security Affairs.