Security News > 2021 > March > Google fixes second actively exploited Chrome zero-day this month
Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.
The zero-day tracked as CVE-2021-21193 is rated by Google as a high severity vulnerability and was reported by an Anonymous researcher on Tuesday.
Even though Google says that it is aware of CVE-2021-21193 active exploitation, it did not share info regarding these ongoing attacks.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.
Another zero-day bug exploited in the wild and described as an "Object lifecycle issue in audio" was addressed with the release of Chrome 89.0.4389.72 that started rolling out on March 2nd. One more actively exploited Chrome zero-day, a heap buffer overflow bug in V8 tracked as CVE-2021-21148 and rated as high severity, was fixed in February.
Last year, Google patched five additional Chrome zero-days within a single month, between October 20 and November 12, all of them also being actively used in attacks.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-02-09 | CVE-2021-21148 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |