Google Patched Another ZeroDay Vulnerability in Chrome

This is the Third Bug in this year, Google Patched on Chrome


Google has released a hotfix for another actively exploited vulnerability ( CVE-2021-21193 ) in the Chrome browser. The issue has been fixed in Chrome version 89.0.4389.90 for Windows, Mac and Linux.

Google experts describe the issue as a post-release exploit vulnerability in the open source Blink browser rendering engine developed by the Chromium project with contributions from Google, Facebook, Microsoft and others.

Exploitation of this zero-day vulnerability could allow an attacker to execute arbitrary code on systems with vulnerable versions of Chrome. Despite the fact that Google is aware of the active exploitation of CVE-2021-21193, the tech giant has not shared details about the current cyberattacks.

"Access to information about the problem and links may be restricted until the majority of users install the hotfix," the company explained.

The lack of additional information will also prevent other attackers from developing their own exploits for the zero-day vulnerability.

Google has also fixed two other dangerous issues: a post-release exploit vulnerability ( CVE-2021-21191 ) in WebRTC and a heap buffer overflow vulnerability in tab groups ( CVE-2021-21192 ).

As a reminder, this is the third zero-day vulnerability fixed in Chrome this year. The first issue ( CVE-2021-21148 ) was fixed in February as a heap overflow vulnerability in the V8 JavaScript engine, and the second issue was fixed in March ( CVE-2021-21166 ) as an “audio object lifecycle issue”.