Google releases Chrome security update to patch actively exploited zero-day

Google has patched its 15th zero-day vulnerability for Chrome, with the out of band release of Chrome 95.0.4638.69 for Windows, Mac, and Linux.

The release patches two zero-day vulnerabilities which are being actively exploited in the wild.

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google disclosed in the list of security fixes in today’s Google Chrome release.

CVE-2021-38000 is due to “Insufficient validation of untrusted input in Intents” and was assigned a High severity level.

CVE-2021-38003, is a High severity “Inappropriate implementation” bug in the Chrome V8 JavaScript engine.

Google did not say how the vulnerabilities are being exploited.

Besides the two actively exploited zero-day vulnerabilities, there are 5 other vulnerabilities fixed with the update.

As the bugs are being actively exploited Chrome users are urged not to delay installing the update, most easily achieved by simply restarting your browser.