September 22, 2023

Google has addressed yet another actively exploited zero-day in the Chrome browser, marking the second such fix released by the company within a month.

The browser maker shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use-after-free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

As is usually the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 existed but refrained from sharing additional information until a majority of users are updated with the fixes, a step meant to prevent other threat actors from creating exploits targeting this zero-day.

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” the company said.

Google has fixed three zero-day flaws in Chrome since the start of the year.

Earlier this month, the company issued a fix for an “object lifecycle issue in audio” (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.
