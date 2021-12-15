Google released the browser Chrome in version 96.0.4664.110 for Windows, Mac and Linux. The new version does not introduce new features, but solves one “zero day” vulnerability, so already exploited by the bad guys, and therefore very strict. “Google is aware of reports that an exploit for CVE-2021-4102 is in circulation,” reads a public security bulletin from the company.

The browser, as known, it updates periodically automatically, but in these cases it is better to take matters into your own hands forcing the update immediately, which is very easy by going to the Chrome menu (the three points at the top right) -> Help -> About Google Chrome. The browser checks for news and updates itself after restarting.

The fixed “zero day” flaw, traced as CVE-2021-4102, was reported to Google by an anonymous security researcher and originates from a Use-After-Free (UAF) vulnerability (misuse of memory) in the V8 JavaScript engine.

Exploits like these are common and allow attackers to execute arbitrary code, thus allowing for the potential theft of sensitive data. The bug fixed the seventeenth “zero day” of the year for Google Chrome, which teaches us how it is often preferable not only to immediately adopt the updates proposed by the software, but also to be a little proactive, verifying firsthand the existence of updates for the programs we make extensive use of.

