Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.
“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” the release announcement reads.
The zero-day tracked as
CVE-2021-21193 is rated by Google as a high severity vulnerability and was reported by an Anonymous researcher on Tuesday.
Google describes it as a use after free bug in Blink, an open-source browser rendering engine developed by the Chromium project with contributions from Google, Facebook, Microsoft, and others.
Successful exploitation of this zero-day could lead to arbitrary code execution on systems running vulnerable Chrome versions.
Even though Google says that it is aware of CVE-2021-21193 active exploitation, it did not share info regarding these ongoing attacks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service
Until more information is available, Chrome users should have more time to install the security update rolling out over the coming days to prevent exploitation attempts.
The lack of additional info will also prevent other threat actors from developing their own exploits targeting this zero-day.
Another zero-day bug (CVE-2021-21166) exploited in the wild and described as an “Object lifecycle issue in audio” was addressed with the release of Chrome 89.0.4389.72 that started rolling out on March 2nd.
One more actively exploited Chrome zero-day, a heap buffer overflow bug in V8 tracked as CVE-2021-2114 and rated as high severity, was fixed in February.
Last year, Google patched five additional Chrome zero-days within a single month, between October 20 and November 12, all of them also being actively used in attacks.
Today’s Chrome release addresses four other vulnerabilities, two of them contributed by external researchers:
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.