Google has just pushed an unscheduled update for the Chrome browser on Windows, Mac, and Linux to fix a high-risk zero-day vulnerability that is being widely exploited.
Google said in its security bulletin on Monday that it has received a report of in-the-wild exploitation of CVE-2021-4102. The problem stems from a use-after-free (UAF) vulnerability in Chrome's V8 JavaScript engine.
Bleeping Computer pointed out that UAF is a vulnerability related to “incorrect use of dynamic memory” during program operation. If a program does not clear the pointer to a memory location after freeing that location, an attacker can use this bug to compromise the program and then execute arbitrary code or escape the browser’s security sandbox.
An anonymous security researcher reportedly submitted the vulnerability report to Google. Google will not disclose the full details of CVE-2021-4102 until most users have installed the update and fixes.
If your Chrome browser has not yet been updated to version 96.0.4664.110 (for example, it is still on 96.0.4664.93), click the “vertical three dots” button (┆) in the upper right corner of the window as soon as possible. Then go to “Help -> About Google Chrome” to get the update, which takes effect after restarting the browser.
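For anyone checking more than one machine, the version comparison above can be scripted. The following is an added example, not part of the original article or of any Google tooling: it compares reported Chrome version strings against the fixed build 96.0.4664.110 numerically, because a plain string comparison ranks 96.0.4664.93 above 96.0.4664.110. The host names and the inventory are constructed, and the input format assumes the text printed by `google-chrome --version`.

```python
import re

# Fixed build named in the article.
FIXED = "96.0.4664.110"

# Matches a four-part Chrome version anywhere in a string,
# e.g. in the output of `google-chrome --version`.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True if older than the fixed build, False if not, None if unparseable."""
    found = parse_version(text)
    if found is None:
        return None
    return found < parse_version(fixed)


def triage(inventory):
    """Split {host: version string} into (outdated, current, unknown) host lists."""
    outdated, current, unknown = [], [], []
    for host, raw in sorted(inventory.items()):
        verdict = needs_update(raw)
        bucket = unknown if verdict is None else outdated if verdict else current
        bucket.append(host)
    return outdated, current, unknown


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.93",
    "ws-02": "Google Chrome 96.0.4664.110",
    "ws-03": "Google Chrome 100.0.0.0",
    "ws-04": "chrome: command not found",
}

if __name__ == "__main__":
    outdated, current, unknown = triage(SAMPLE)
    print("outdated:", outdated)
    print("current: ", current)
    print("unknown: ", unknown)
    # Lexicographic comparison wrongly treats .93 as newer than .110.
    print("string compare flags .93 as older:", "96.0.4664.93" < FIXED)
```

Hosts that land in the unknown bucket should be checked by hand rather than assumed patched.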