The US Cybersecurity and Infrastructure Security Agency (CISA) has advised Google Chrome users to install the latest version of the browser to mitigate the effects of numerous vulnerabilities.
CISA says it “encourages users and administrators to review the Chrome Release Note and apply the necessary updates.” That note says Chrome version 93.0.4577.82 contains fixes for 11 vulnerabilities, nine of which were discovered and disclosed by outside researchers, and all of which Google deems “High” severity based on its own severity guidelines.
Those guidelines organize vulnerabilities into six tiers of descending severity: Critical, High, Medium, Low, “Can’t impact Chrome users by default,” and “Not a security bug.” Google says that security flaws considered to be High severity “allow an attacker to execute code in the context of [sic] or otherwise impersonate other origins or read cross-origin data.”
Google says it “is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.” The company didn’t offer more information about those vulnerabilities, however, because access to those details “may be kept restricted until a majority of users are updated with a fix.” It could be a while before Chrome users know what exactly they’re being protected from.
Chrome version 93.0.4577.82 has been added to the Stable release channel, Google says, and will start to roll out to the Windows, Mac, and Linux versions of the browser “over the coming days/weeks.” But that staggered rollout only applies to Chrome’s automatic updates; users can limit the vulnerabilities’ potential impact on their systems by manually updating the browser via Help > About Google Chrome.