Per Lawrence Abrams' 28-Oct-2021 BleepingComputer article Emergency Google Chrome Update Fixes Zero-Days Used in Attacks:
Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.
"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the list of security fixes in today's Google Chrome release.
The Chromium-based MS Edge browser is also affected but there is no indication in Microsoft’s Security Update Guide at https://msrc.microsoft.com/update-guide or the MS Edge release notes at https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnote-stable-channel that the current MS Edge v95.0.1020.38 (rel. 28-Oct-2021) includes a patch for either CVE-2021-38000 or CVE-2021-38003 - at least when I checked those links this morning on 29-Oct-2021. The Release Notes for Microsoft Edge Security Updates also state:
October 28, 2021
Microsoft is aware of the recent exploit existing in the wild. We are actively working on releasing a security patch as reported by the Chromium team.
Kudos to Susan Bradley for posting about these Chromium zero-days being actively exploited in the wild in the AskWoody blog at Zero Days in Browser.
-----------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H1 build 19043.1288 * Microsoft Defender v4.18.2109.6 * Malwarebytes Premium v4.4.9.142-1.0.1486 * Firefox v93.0.0 * MS Edge v95.0.1020.38