Google has released an update for its Chrome browser on Windows, Mac, and Linux that brings a total of seven security fixes. The list of spots includes one for a zero-day vulnerability that was exploited in the wild. The updated Chrome browser will be rolled out over the coming days, Google said in an advisory. Users are recommended to install the update as early as it reaches their devices. The search giant also credited and rewarded external security researchers who reported the vulnerabilities.
According to the advisory released by Google, the updated Chrome browser carries version 90.0.4430.85 through a blog post. The update is compatible with Windows, Mac, and Linux devices.
The third vulnerability that the updated Chrome browser brings is CVE-2021-21224, and it’s a type of confusion in the V8 engine. The CVE-2021-21225 out-of-bounds memory access flaw in the V8 engine and the CVE-2021-21226 use-after-free in navigation.
Among the flaws that Google has fixed and detailed through its advisory, the CVE-2021-21224 was exploited in the wild. However, there aren’t any details on whether the issue has affected any regular Chrome users. Information about the remaining security fixes was also not provided.
Access to bug details and links may be kept restricted until most users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed,” the company said. Users can manually look for the latest update on their Chrome by going to the About Chrome settings on their devices. The browser, however, gets updated automatically soon after its latest version is rolled out from the company side.