Google Warns Chrome Users About Multiple High-Level Exploits

Close up of Google Chrome Info Page with Chrome Logo

Google has found several new vulnerabilities — including five rated as a ‘High’ vulnerability — in its popular internet browser Google Chrome. This is the third time in the space of a month that Google has had to address vulnerabilities with its browser. Chrome is used by over 2.65 billion users around the world.

Thankfully, the tech giant has issued an update to patch these flaws, which will be rolled out over the next few days. Read on to learn more about the exploits, as well as the steps you should take to protect yourself.

List of High-Level Exploits

Google has provided details about the discovered vulnerabilities in its blog post. Understandably, it has decided to restrict access to bug details and links until a significant number of users have updated their browser.

The high-level exploits detected are ‘use after free’ (UAF) or ‘heap buffer overflow’ flaws. The ‘High’ level exploits that it has found are

  1. CVE-2021-37981 — a heap buffer overflow in Skia
  2. CVE-2021-37982 — a use after free exploit in Incognito
  3. CVE-2021-37983 — a use after free exploit in Dev Tools
  4. CVE-2021-37984 — a heap buffer overflow in PDFium
  5. CVE-2021-37985 — a use after free exploit in V8

Google also provided information about 11 other flaws that it has categorized as either ‘Medium’ or ‘Low’ level.

Chrome Users Should Update Their Browser Immediately

The company has released an update, version 95.0.4638.54, for its browser to address the identified vulnerabilities. If you are a regular Chrome user, be sure to update your browser at the earliest possible time.

It is also important to note that the update rollout will be staggered. Therefore, some users may not be able to immediately update their Chrome browser. In case a user cannot update their browser immediately, they are advised to check for the new version regularly.

Anonymous Browsing Options

The frequency with which Google is finding new vulnerabilities with its browser can be worrying. However, while the company works to improve its cybersecurity, its privacy practices ought to garner more attention.

Many have questioned how much user information Google — and by extension, Chrome — collects. This is because Chrome users are often automatically logged into their Google accounts when they use the browser. This means the company can track the user’s browser activity and use it to profile them.

While Chrome may be a convenient option, there are alternative browsers that do much more to protect user privacy. To learn more about anonymous browsing, as well as alternative browser options, check out our article here.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.