Google has released an urgent update to the proprietary Chrome browser for Windows, macOS and Linux. The update closes two zero-day vulnerabilities actively exploited by cybercriminals, as well as five more simpler vulnerabilities.
We are talking about vulnerabilities labeled CVE-2021-38000 and CVE-2021-38003. The first of these, CVE-2021-38000, is described as “Insufficient validation of untrusted input in intents.” This vulnerability was discovered by Clement Lesigne, Neil Mehta and Maddie Stone of the Google Threat Analysis Group on September 15, 2021.
So far, neither Google nor security researchers have provided further information on how attackers exploited vulnerabilities in attacks. Since these two vulnerabilities have been actively exploited, all Chrome users are advised to manually update or restart their browser to install the latest version.