Google has shipped an urgent Chrome update to address yet another zero-day vulnerability that has been actively exploited in attacks.
Tracked as CVE-2021-37973, the security bug is described as a use-after-free issue in the Portals API, a web page navigation technology that pre-renders content when transitioning to a new page, for a seamless experience.
Google did not provide technical details on CVE-2021-37973, but warned that an exploit for it exists in the wild. The search giant credited Clément Lecigne from Google TAG and Sergei Glazunov and Mark Brand from Google Project Zero for reporting the vulnerability.
The security hole can be exploited to execute arbitrary code on a vulnerable system, allowing an attacker to potentially “view, change, or delete data,” the Multi-State Information Sharing and Analysis Center (MS-ISAC) warns.
In a separate advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the update as soon as possible.
“Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild,” CISA says.
There have been 68 documented zero-day attacks so far in 2021. Data reviewed by SecurityWeek shows that 12 of these security holes were found in Google’s Chrome and Android platforms.
Chrome 94.0.4606.61 was released to address the new zero-day exploit only days after the first stable release of Chrome 94 was announced.
Related: Google Warns of Exploited Zero-Days in Chrome Browser
Related: Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93
Related: Apple Confirms New Zero-Day Attacks on Older iPhones

More from Ionut Arghire
- US, Israel Provide Guidance on Securing Remote Access Software
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
Latest News
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
