TAG has been busy… and so has Chrome ('Reported on 9-21, patched 9-24'!)ĬVE-2021-37973 in-the-wild use after free in Portals discovered by The bug, classified as high in severity, is a use-after-free flaw in the Portals Web API, Google’s webpage navigation component of the Chromium browser engineĬlément Lecigne of Google’s Threat Analysis Group (TAG) was credited on September 21 st with the discovery of the vulnerability, with technical assistance provided by two of his colleagues from Google Project Zero, Sergei Glazunov and Mark Brand. “Google is aware that an exploit for CVE-2021-37973 exists in the wild,” Google revealed about the newly disclosed zero-day vulnerability.
The security loophole affects the Windows, macOS, and Linux versions of the popular browser. Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors.
The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes