Google releases emergency Chrome update


Just a few days after their latest Chrome patch, which targeted a different set of vulnerabilities within versions of the browser, Google has released another emergency patch to mitigate security exploits. 

Google has urged users to update their Chrome browsers to the latest version, which brings with it a patch for what has been acknowledged as a “critical” security risk. The risk has been labelled critical because the vulnerability was found to be actively exploited by malicious third parties prior to the fix, meaning the patch is reactive as opposed to preventative.

The risk is stated to affect Linux, macOS and Windows. The vulnerability, tracked as CVE-2021-37973, has been categorised as a zero-day vulnerability, which again refers to the fact that the exploit was found to be in use by hackers.

The severity of the damage posed by the vulnerability is yet to be fully disclosed, as the cybersecurity division working on the incident does not yet know the scale of exploitation by the hackers.

Furthermore, although a spokesperson stated “Google is aware that an exploit for CVE-2021-37973 exists in the wild,” the company have refrained from releasing more information about the nature of the exploit until they feel like enough of the userbase have installed the update, to prevent further attacks. 

This vulnerability comes as a concern and a surprise to many, especially as the emergency patch was released just a couple of days following the last Chrome update, which was said to fix 19 bugs and be “stable”.  

The discovery of the security risk was made by Clement Lecigne, a member of Google’s Threat Analysis Group (TAG), on September the 21st, alongside a member of the Google Zero team. Following the identification of the vulnerability, it took Google teams three days to release the patched version of the browser.

In a notice titled “Google Releases Security Updates for Chrome”, published on the official U.S. government website for National Cyber Awareness, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) issued a warning and call to action for users to update their browsers:

Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

To check that a browser has installed the latest update, Chrome users should open the menu via the three dots in the top right-hand corner of the browser, then select Help > About Google Chrome. Most users will have automatic update downloads enabled, but if the current version displayed in this section is not “Up to Date”, users should manually install the patched version, which protects against the exploit.
