According to the news published on the official blog of Google Chrome, this week the Google Chrome development team has launched a security update of version 93.0.4577.82 to all stable version users.
This security update is used to fix zero-day vulnerabilities that hackers have successfully exploited in the wild. The vulnerabilities are numbered CVE-2021-30632 and CVE-2021-30633.
Since most users may not have completed the upgrade at present, the details of the vulnerability will not be made public for the time being. Google will announce the details of the vulnerability after most users have completed the upgrade.
Although Google has not announced the details of the vulnerability, the summary information is still available. The above-mentioned vulnerabilities are all memory leak vulnerabilities, and usually, such vulnerabilities will cause the program to crash.
But attackers can use vulnerabilities to execute arbitrary code, escape from sandboxes, and perform other malicious actions. In fact, these vulnerabilities are indeed exploited by hackers.
Among them, CVE-2021-30632 is an out-of-bounds write of the V8 engine, and CVE-2021-30633 is a UAF vulnerability in the index database API. The specific details are unknown.
Given that the above-mentioned vulnerabilities have been exploited by hackers, it is recommended that all Google Chrome users upgrade to the latest version, Chrome 93.0.4577.82.