Chrome users beware: just days after I warned that attacks on Google’s browser are increasing, another critical hack has been confirmed.
Google published the news in a new blog post, where it revealed that Chrome’s 11th ‘zero day’ exploit of the year has been found (CVE-2021-37973) and that it affects Linux, macOS and Windows users. A zero-day classification means hackers have been able to exploit the flaw before Google could release a fix, which makes it significantly more dangerous than most security flaws. Google confirmed this, saying it “is aware that an exploit for CVE-2021-37973 exists in the wild”.
In an attempt to protect users and buy them time to upgrade, Google is keeping the details surrounding CVE-2021-37973 a closely guarded secret. All the company would provide were its threat ranking, what part of Chrome had been exploited and that it was discovered in-house by Google employees:
Interestingly, the new zero-day is yet another ‘Use-After-Free’ (UAF) vulnerability. As I noted just three days ago, this has been a fruitful avenue for hackers in recent months. In September alone, 10 High-rated UAF vulnerabilities were found in Chrome. UAF vulnerabilities are memory flaws that arise when a program fails to clear the pointer to a block of memory after it is freed and then goes on to use that stale pointer.