Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system.

The flaw, described as a use-after-free bug in Garbage Collection, was reported last month by an anonymous researcher. Google says it paid a $10,000 bounty reward for the finding.

Now rolling out to desktop users as Chrome version 94.0.4606.81, the new browser iteration also addresses two heap buffer overflow vulnerabilities in Blink (CVE-2021-37978) and WebRTC (CVE-2021-37979).