In the release notes for the new Chrome version, the company said, “Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.” The update will roll out worldwide over the coming days and weeks.
Google considers the vulnerabilities to be "high severity," as an attacker could exploit them and take control of the affected system.
John Bambenek, Principal Threat Hunter at Netenrich, a San Jose, Calif.-based digital IT and security operations company, says, “Browser bugs discovered from exploitation in the wild are among the most significant security threats. Now that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven’t made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors. Everyone wants to learn how to hack; too few people are working on defense.”
Various security researchers worked with Google during the development cycle to prevent security bugs from ever reaching the stable channel, Google says.
With these additional vulnerabilities, Google has now released patches for a total of ten zero-day vulnerabilities in Chrome in 2021, says Kevin Dunne, President at Pathlock, a Flemington, N.J.-based provider of unified access orchestration.
Dunne adds, “This milestone highlights the emphasis that bad actors are putting on browser exploits, with Chrome becoming a clear favorite, allowing a streamlined way to gain access to millions of devices regardless of OS. Google’s commitment to patching these exploits quickly is commendable, as they operate Google Chrome as freeware and therefore are the sole entity who can provide these updates. Google is committed to providing Chrome as a free browser, as it is a critical entry point for other businesses such as Google Search and Google Workspace. We expect to see continued zero-day exploits in the wild, but we are confident Google will continue to place effort on security and to provide timely patches to these exploits.”