Google Chrome 96.0.4664.110 available
The update fixes a new 0-day gap.
A week after the first security update for Chrome 96, Google released a second update. The developers have also closed a 0-day vulnerability with this update.
A week ago, Google released an update to Chrome 96.0.4664.93 to fix 22 security vulnerabilities. On December 13, Google released another update to Chrome 96.0.4664.110 to fix serious security vulnerabilities, including one that is already being used for attacks. That was the 17th 0-day vulnerability in Chrome this year.
The Chrome Release Blog lists five fixed vulnerabilities (CVE-2021-4098 to -4102), all of which were discovered and reported by outside researchers. The vulnerability CVE-2021-4098 is classified as critical.
Three other vulnerabilities are also classified as high risk. This is a use-after-free vulnerability and a buffer overflow in the 3D renderer Swiftshader as well as a vulnerability (CVE-2021-4100) in the graphics library ANGLE (Almost Native Graphics Layer Engine).
Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help » About Google Chrome.