Google fixes second actively exploited Chrome zero-day bug this year
Google has fixed an actively exploited zero-day vulnerability in Chrome version 89.0.4389.72, released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.
"Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild," the Google Chrome 89.0.4389.72 announcement reads.
The Google Chrome web browser will then automatically check for the new update and install it when available.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added.
Google fixed another Chrome zero-day actively exploited in the wild in February, a heap buffer overflow bug in V8 tracked as CVE-2021-2114 and rated as high severity.
Last year, Google fixed five more actively exploited Chrome zero-days within a single month, between October 20 and November 12.
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-09 | CVE-2021-21166 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-20 | CVE-2021-2114 | Unspecified vulnerability in Oracle Common Applications Calendar: vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). | 5.8 |