Google has rolled out Chrome 94.0.4606.61 for Windows, Mac and Linux to address a zero-day vulnerability exploited in the wild.
Tracked as CVE-2021-37973, the flaw has been described as a use-after-free error that occurs when processing HTML content within the Portals component in Google Chrome. A remote hacker can exploit this bug to run arbitrary code on the system. To do so, the attacker would need to trick the user into visiting a malicious website.
While additional details on the vulnerability have been withheld until a majority of users have applied the patch, Google said it “is aware that an exploit for CVE-2021-37973 exists in the wild.”
Chrome users are advised to update to the latest version by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the bug.
Earlier this month, Google patched two Chrome zero-days (CVE-2021-30632 and CVE-2021-30633) affecting the V8 JavaScript engine and the Indexed DB API component in Google Chrome, respectively.
Last week, Apple released security updates to address a zero-day vulnerability exploited by hackers to break into iPhones and Macs running older iOS and macOS versions.