Google has shipped an urgent Chrome update to address yet another zero-day vulnerability that has been actively exploited in attacks.
Tracked as CVE-2021-37973, the security bug is described as a use-after-free issue in the Portals API, a web page navigation technology that pre-renders content when transitioning to a new page, for a seamless experience.
Google did not provide technical details on CVE-2021-37973, but warned that an exploit for it exists in the wild. The search giant credited Clément Lecigne from Google TAG and Sergei Glazunov and Mark Brand from Google Project Zero for reporting the vulnerability.
The security hole can be exploited to execute arbitrary code on a vulnerable system, allowing an attacker to potentially “view, change, or delete data,” the Multi-State Information Sharing and Analysis Center (MS-ISAC) warns.
In a separate advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the update as soon as possible.
“Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild,” CISA says.
There have been 68 documented zero-day attacks so far in 2021. Data reviewed by SecurityWeek shows that 12 of these security holes were found in Google’s Chrome and Android platforms.
Chrome 94.0.4606.61 was released to address the new zero-day exploit only days after the first stable release of Chrome 94 was announced.
Related: Google Warns of Exploited Zero-Days in Chrome Browser
Related: Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93
Related: Apple Confirms New Zero-Day Attacks on Older iPhones

More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
