Google has released Chrome update 96.0.4664.110, which fixes 5 vulnerabilities, including a vulnerability (CVE-2021-4102) already exploited by attackers (0-day) and a critical vulnerability (CVE-2021-4098) that could bypass all levels of browser protection and execute code on the system outside of the sandbox environment.
Details have not yet been disclosed, it is only known that the 0-day vulnerability is caused by the use of memory after it is freed in the V8 engine, and the critical vulnerability is related to the lack of proper data validation in the Mojo IPC framework. Other vulnerabilities include a buffer overflow (CVE-2021-4101) and already freed memory access (CVE-2021-4099) in the Swiftshader rendering system, as well as an issue (CVE-2021-4100) with the object life cycle in ANGLE, a layer for translating OpenGL ES calls to OpenGL, Direct3D 9/11, Desktop GL and Vulkan.
Source: opennet.ru