Google rolls out Chrome update to fix zero-day exploits
Chrome version 95.0.4638.69 fixes zero-day vulnerabilities that hackers have exploited
October 29, 2021 / 06:08 PM IST
The release fixes seven vulnerabilities, two of which have already been exploited
Google is rolling out Chrome version 95.0.4638.69 for Windows, Mac and Linux. The release fixes seven vulnerabilities, two of which were zero-days being actively exploited.
As spotted by Bleeping Computer, all seven of the vulnerabilities were classified "High", and it is recommended that you update as soon as possible.
You can check whether your browser is updated by clicking on the three vertical dots next to your profile picture and selecting Settings. Then select About Chrome from the left. Chrome will check for updates and update automatically, or you can check whether your version number is the same as the one mentioned above.
Google so far hasn't disclosed details of the attacks that used the two zero-day exploits. The two flaws are tracked as CVE-2021-38000 and CVE-2021-38003. One of these vulnerabilities involves a bug in Chrome's V8 JavaScript engine, while the other is due to "Insufficient validation of untrusted input in Intents."
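For anyone checking more than one machine, the same version comparison can be scripted. The following is an added example, not part of the original article: it assumes you have already collected each machine's Chrome version string (for instance the output of `google-chrome --version` on Linux) into tab-separated lines, and the host names and sample versions are constructed.

```python
import re

FIXED = (95, 0, 4638, 69)  # fixed desktop build named in the article

# Four dot-separated numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from text; return None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines, fixed=FIXED):
    """Classify 'host<TAB>version string' lines as patched, outdated or unknown."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_lines:
        host, _, raw = line.partition("\t")
        version = parse_version(raw)
        if version is None:
            report["unknown"].append(host)   # no parsable version: check by hand
        elif version >= fixed:               # numeric, field-by-field comparison
            report["patched"].append(host)
        else:
            report["outdated"].append(host)
    return report


# Constructed sample inventory (hypothetical host names).
SAMPLE = [
    "ws-01\tGoogle Chrome 95.0.4638.69",
    "ws-02\tGoogle Chrome 95.0.4638.54",
    "ws-03\tGoogle Chrome 95.0.4638.9",    # a string compare would rank "9" above "69"
    "ws-04\tGoogle Chrome 100.0.4896.60",  # a string compare would rank "100" below "95"
    "ws-05\tChromium not installed",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples because a plain string comparison misorders builds such as 95.0.4638.9 and 100.x.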
CVE-2021-38000 was discovered by Clement Lecigne, Neel Mehta and Maddie Stone from Google's Threat Analysis Group. Lecigne also discovered the second vulnerability, CVE-2021-38003.
This is Chrome's fifteenth zero-day to be fixed this year, and it is strongly recommended that you turn on Enhanced Protection within Chrome's settings.
Click on Settings, then look for Privacy and Security on the left. Click on it, and you should see a button for Check Now under Safety Check. Run the check and once it finishes, click on Safe Browsing. Then select Enhanced Protection.
Google has remained mum on how the vulnerabilities were exploited or the attacks they were used in.