October 2, 2023

Google today rolled out fixes for yet another zero-day vulnerability exactly. A month after 1st zero day fixed

Chrome 89.0.4389.72, released for Windows, Mac, and Linux comes with a total of 47 security fixes, the most severe of which concerns an object lifecycle issue in audio.Tracked as CVE-2021-21166.

Google acknowledged that an exploit for the vulnerability exists in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes and prevent other threat actors from creating exploits targeting this zero-day.

This is the second zero-day flaw in Chrome that Google has addressed since the start of the year. Last month, the company issued a fix for an actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Additionally, Google last year resolved five Chrome zero-days that were actively exploited in the wild in a span of one month between October 20 and November 12.

Leave a Reply

%d bloggers like this: