Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

March 13, 2021

Google has addressed another actively exploited zero-day in the Chrome browser, marking the second such fix released by the company within a month.

The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to roll out over the coming days/weeks to all users.

While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use-after-free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Details about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9.

As is often the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 existed but refrained from sharing more information until a majority of users are updated with the fixes, to prevent other threat actors from creating exploits targeting this zero-day.

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” Chrome Technical Program Manager Prudhvikumar Bommana noted in a blog post.

With this update, Google has fixed three zero-day flaws in Chrome since the start of the year.

Earlier this month, the company issued a fix for an “object lifecycle issue in audio” (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Chrome users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.
