Google fixes second actively exploited Chrome zero-day this month (March 2021)
Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.
The zero-day, tracked as CVE-2021-21193, is rated by Google as a high severity vulnerability and was reported by an anonymous researcher on Tuesday.
Even though Google says that it is aware of active exploitation of CVE-2021-21193, it did not share information about these ongoing attacks.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
Another zero-day bug exploited in the wild and described as an "Object lifecycle issue in audio" was addressed with the release of Chrome 89.0.4389.72 that started rolling out on March 2nd. One more actively exploited Chrome zero-day, a heap buffer overflow bug in V8 tracked as CVE-2021-21148 and rated as high severity, was fixed in February.
Last year, Google patched five additional Chrome zero-days within a single month, between October 20 and November 12, all of which were also actively exploited in attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products. Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21148 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |