DESCRIPTION:
Multiple vulnerabilities (CVE-2021-37974~37976) exist in Google Chrome and Microsoft Edge. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, and execute arbitrary code on the system. Successful exploitation of the vulnerabilities may allow an attacker to compromise a vulnerable system.
AFFECTED RELEASES:
Google Chrome prior to 94.0.4606.71
Microsoft Edge prior to 94.0.992.38
SOLUTION:
Upgrade to at least Google Chrome 94.0.4606.71 by following steps:
1. Open the Google Chrome browser.
2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.
3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.
Upgrade to at least Microsoft Edge 94.0.992.38 by following steps:
1. Open the Microsoft Edge browser.
2. Enter “edge://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Edge.
3. After Edge is updated, click the “RELAUNCH” option to restart Edge and complete the update.
REFERENCE:
1. https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
2. https://thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974
4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975
5. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976