The official blog post of Google reads, “The Stable channel has been updated to 96.0.4664.110 for Windows, Mac and Linux which will roll out over the coming days/weeks. The extended stable channel has also been updated to 96.0.4664.110 for Windows and Mac which will roll out over the coming days/weeks.”
The company launched the new version rather quickly so that it could patch up a CVE-2021-4102 vulnerability. The vulnerability has been used by hackers. Moreover, the new update also offers to patch up to four additional vulnerabilities. It should be noted that Google could launch the next Chrome 97 version in the upcoming few days.
Tracked as CVE-2021-4102, the vulnerability is related to a use-after-free bug in the V8 JavaScript and WebAssembly engine. The flaw in Chrome could have had severe consequences ranging from the corruption of valid data to the execution of arbitrary code. The flaw was only noticed after an anonymous researcher discovered the existing flaw. The flaw would mark the 17th such weakness in Chrome that was discovered since the start of 2021.
However, at this point, it is unclear how the hackers exploit this flaw in real-world attacks. Google did issue a statement that says, “it’s aware of reports that an exploit for CVE-2021-4102 exists in the wild.” The announcement was made so that most users will be kept in the loop when the updates come with a probable fix to the issue, and to further prevent the exploitation by other threat actors.
The patched vulnerabilities include CVE-2021-4098 which poses a great threat due to insufficient data verification in Mojo, CVE-2021-4099 is a vulnerability for Swiftshader, CVE-2021-4100 has a problem with the life cycle of the object and CVE-2021-4101 has a stacked buffer overflow vulnerability.
Users can check the version of their respective browsers to start with manual updates.
