Chrome point-update to patch a pair of security vulnerabilities affecting Windows, MacOS and Linux users. Google said it was aware of reports that both of these vulnerabilities – CVE-2021-21206 and CVE-2021-21220 — are being exploited in the wild.
The company confirmed that one of the bugs — described as “insufficient validation of untrusted input in V8 for x86_64” — was part of an exploit chain demonstrated at last week’s Pwn2Own marketing contest.
The second under-attack bug is currently documented simply as a use-after-free memory corruption vulnerability in Blink, the rendering engine used in Chrome. Google said the bug was reported anonymously.
So far in 2021, Google has rushed out fixes for at least three separate in-the-wild zero-day attacks