Chrome on Desktop gets an emergency patch to prevent Hacker Attacks — What to Do


It's time to update Google Chrome on your desktop again. Google released an emergency patch on Friday, September 24, fixing one "zero-day" flaw that is currently out in the wild.

To update to the new version, Chrome 94.0.4606.61 for Windows, Mac, and Linux, it is often sufficient to close and re-launch Chrome. However, depending on your Linux distribution, you may need to wait for the next omnibus update package.

If turning Chrome off and back on again does not work, use the mouse cursor to click on the three vertical dots in the upper right corner of the browser window. Drag the cursor down and hover over Help in the drop-down menu, then click About Google Chrome in the menu that appears.

A new browser tab will open, indicating whether your browser is up-to-date. If not, an update will be downloaded and you will be prompted to restart.
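For anyone checking more than one machine, the same comparison can be done on collected version strings. The following is an added example, not part of the original article: the host names and inventory lines are constructed, and the input format assumes the "Google Chrome <version>" line that Chrome prints when asked for its version on Linux.

```python
import re

# Patched build named in the article.
PATCHED = (94, 0, 4606, 61)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
# The lookarounds reject strings with more or fewer than four parts.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, patched=PATCHED):
    """Return 'patched', 'needs_update', or 'unknown' for one version line."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Compare as integer tuples: a plain string comparison would sort
    # "100.0.x.y" before "94.0.x.y" and misreport newer builds.
    return "patched" if version >= patched else "needs_update"


def audit(inventory):
    """inventory: iterable of (host, version_line). Return {host: status}."""
    return {host: classify(line) for host, line in inventory}


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE = [
    ("ws-01", "Google Chrome 94.0.4606.61 "),
    ("ws-02", "Google Chrome 94.0.4606.54 "),
    ("ws-03", "Google Chrome 93.0.4577.82"),
    ("ws-04", "Google Chrome 100.0.4896.60"),
    ("ws-05", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no recognizable version string and need to be checked by hand through the About Google Chrome page.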

The newly resolved vulnerability, cataloged as CVE-2021-37973, appears to be a use-after-free memory handling issue in Portals.

It is unclear who is using this issue to attack whom, but if Google is updating Chrome to fix this one flaw just three days after a major update to Chrome 94, it must be pretty bad.

Portals are a fairly new browser feature that allows "seamless and instant navigation between pages" by having one web page embed elements within another.

In a video on Google's web developer site, an image from one website appears on a page on another site, and when the user clicks on the image, the page takes over without having to reload the other site. Excellent.

This is all we know about the flaw so far, other than Google stating that they are "aware of the existence of the CVE-2021-37973 exploit."

The flaw was discovered by Clément Lecigne of the Google Threat Analysis Group, who apparently received "technical assistance" from Sergei Glazunov and Mark Brand of Google's Project Zero team.

Lecigne is also credited as one of the co-discoverers of the iOS and macOS flaws that Apple patched on Thursday (September 23). There is no indication yet that the two flaws are related.

Google also maintains and updates the Chromium open source project, which is the basis for many other browsers, including Brave, Microsoft Edge, Opera, and Vivaldi.

As of this writing, none of these four browsers have updated to the latest version of Chromium.

This is the 12th zero-day flaw that Google has patched in the desktop version of Chrome so far this year. Below is a timeline of the latest (and not-so-latest) updates to Chrome desktop.
