Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world’s most popular web browser that it says is being abused in the wild.
Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an “object lifecycle issue in audio.”
Tracked as CVE-2021-21166, the security flaw is one of the two security bugs reported last month by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate object lifecycle flaw, also identified in the audio component, was reported to Google on February 4, the same day the stable version of Chrome 88 became available.
With no additional details, it's not immediately clear if the two security shortcomings are related.
Google acknowledged that an exploit for the vulnerability exists in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes and prevent other threat actors from creating exploits targeting this zero-day.
“Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” Chrome Technical Program Manager Prudhvikumar Bommana said.
This is the second zero-day flaw addressed by Google in Chrome since the start of the year.
Additionally, Google last year resolved five Chrome zero-days that were actively exploited in the wild in a span of one month between October 20 and November 12.
Chrome users can update to Chrome 89 by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.