Google Chrome for desktop platforms has been updated to version 96.0.4664.110. This version is an emergency update of Google Chrome used to fix security vulnerabilities, of which CVE-2021-4102 have been exploited by hackers in the wild. “Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild,” Google said in its advisory.
This exploited vulnerability is located in the Chrome v8 JavaScript engine. The type of vulnerability is a use after free security vulnerability, which is a high-risk security vulnerability.
Such vulnerabilities are mainly related to the incorrect use of dynamic memory during operation, such as the program not clearing the corresponding location pointer after releasing the memory location.
Attackers can use this vulnerability to attack programs, for example, to execute arbitrary code, or to escape from a sandbox designed for security isolation to launch more attacks.
This vulnerability was submitted by an anonymous researcher. Google has not disclosed the details of the vulnerability. It may not be disclosed until most users have installed the update.
For users of Google Chrome, please go to the About page to update automatically. If the automatic update is not possible, please download the new version and overwrite the installation.
