Google fixes second actively exploited Chrome zero-day bug this year
Google has fixed an actively exploited zero-day vulnerability in Chrome 89.0.4389.72, released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.
"Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild," the Google Chrome 89.0.4389.72 announcement reads.
The Google Chrome web browser will then automatically check for the new update and install it when available.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added.
Google fixed another Chrome zero-day actively exploited in the wild in February, a heap buffer overflow bug in V8 tracked as CVE-2021-2114 and rated as high severity.
Last year, Google fixed five more actively exploited Chrome zero-days within a single month, between October 20 and November 12.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-09 | CVE-2021-21166 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-20 | CVE-2021-2114 | Unspecified vulnerability in Oracle Common Applications Calendar Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). | 0.0 |