It’s time to update Chrome and once again, for the third month in a row, Google has fixed two previously unknown ‘zero-day’ bugs in the world’s most popular desktop browser.
Google disclosed that it had patched the two high-severity zero-day flaws in release notes for the stable release of Chrome version 95.0.4638.69 for Windows, Mac and Linux. Any version number higher than that will have the fixes.
It’s a good idea to check out Google’s support page for Chrome updates, which explains how Chrome can be set to automatically update when patches become available. Otherwise, Chrome has an ‘Update’ button that is coloured red if an update is at least a week old, indicating that it should be installed.
The two zero-day flaws — which are being exploited by attackers now — are being tracked with the identifiers CVE-2021-38000 and CVE-2021-38003. Both were found by Google’s Threat Analysis Group (TAG), which tracks state-sponsored and cyber-criminal exploit activity.
The second of the two zero-days was also reported by Samuel Groß from Google Project Zero on 26 October, indicating how fast Google is responding to