You can now find Cyber Kendra on Google News | Telegram

Google Fixed two Vulnerabilities in Chrome, Including 0Day

PoC code already exists on the web to exploit one of the patched vulnerabilities.

Google specialists have released a new version of the Chrome browser (89.0.4389.128) for Windows, macOS and Linux, fixing two vulnerabilities, for one of which there is already a PoC code, and the second is actively exploited in attacks.

In the first case, we are talking about the vulnerability CVE-2021-21220 in the rendering JavaScript engine V8, demonstrated by experts as part of the Pwn2Own 2021 competition.

As a reminder, security researcher Rajwardhan Agarwal published a working exploit for exploiting CVE-2021-21220 by reverse engineering the patch in the source code of the browser component. Agarwal also reported another vulnerability affecting Chromium-based browsers. The issue has been fixed in other browsers, however the latest release of Chrome remains vulnerable to attacks.

“The problems are different in nature, both of them can be used to remotely execute code during rendering,” the specialist explained.

Another vulnerability, CVE-2021-21206 , is a post-release exploit issue in the Blink browser engine for Chromium. According to Google, it is already being used in real attacks, but the company, as usual, does not disclose the details until the majority of users have installed the update.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.