CVE-2021-37975 is a user-after-free bug in the V8 JavaScript engine.Credit for technical assistance also goes out to Sergei Glazunov and Mark Brand from Google Project Zero. It was discovered by Clément Lecigne from Google’s Threat Analysis Group (TAG) and reported on Tuesday of last week, Sept. CVE-2021-37976 is described as an “information leak in core” and was assigned a Medium severity level.“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in Thursday’s security update. 71 to users worldwide in the Stable Desktop channel, and it should be available to all users within coming days. Just as it did with the pair of zero days that were being exploited in the wild earlier this month, Google is keeping technical details close to the vest, at least until most users have had a chance to plug in the update. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” Google disclosed with the release of the browser fixes. 71 stable channel release for Windows, Mac and Linux to fix the two zero-days, which were included in an update with a total of four security fixes. On Thursday evening, the web Goliath released the Chrome. This hoists this year’s total number of zero days found in the browser up to a dozen. Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild.
0 kommentar(er)
