Google has rolled out Chrome 93.0.4577.82 for Windows, Mac, and Linux, which fixes 9 CVEs, including two zero-day flaws actively exploited in the wild.
CVE-2021-30633 is a use-after-free bug in the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
“Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,” the company said without providing any additional information about the attacks.
Earlier this week, Apple released security updates for macOS, iOS, iPadOS, and watchOS to address two zero-day vulnerabilities, one of which was exploited in order to deploy the FORCEDENTRY exploit developed by Israeli spyware maker NSO Group on phones of multiple activists earlier this year.