Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month.

The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Details about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9.
As is usually the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 but refrained from sharing additional information until a majority of users are updated with the fixes and prevent other threat actors from creating exploits targeting this zero-day.

"Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild," Chrome Technical Program Manager Prudhvikumar Bommana noted in a blog post.

With this update, Google has fixed three zero-day flaws in Chrome since the start of the year.
Earlier this month, the company issued a fix for an "object lifecycle issue in audio" (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.
Chrome users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
 

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top