Google releases emergency security update to fix two Chrome zero-days

 

Google has rolled out Chrome 95.0.4638.69 for Windows, Mac, and Linux to address a slew of security vulnerabilities, including two bugs said to have been actively exploited by hackers.

The flaws in question are CVE-2021-38000 and CVE-2021-38003. The first exists due to an insecure implementation in the V8 engine in Chrome and allows remote code execution. To achieve this, an attacker needs to create a malicious website and trick the victim into visiting it.

The second bug is described as an inappropriate implementation issue in the Chrome V8 JavaScript engine, which can be used to compromise the vulnerable system.

In addition to the above, Google has fixed a number of high-severity use-after-free and type confusion bugs that allowed a remote attacker to execute arbitrary code or hijack the target system.

Chrome users can update to the latest version by heading to Settings > Help > 'About Google Chrome'.
