Google has released a second emergency update for its Chrome Browser this month. Chrome version 89.0.4389.90 for Windows, Mac, and Linux fix five security bugs, one of which is an actively exploited zero-day issue (identified by CVE-2021-21193) which is a Use after free in Chrome’s Blink rendering engine. The other severity issues addressed include Use after free in WebRTC (CVE-2021-21191) and Heap buffer overflow in tab groups (CVE-2021-21192). A vulnerability management tool can manage the Google Exploit.
Zero-Day CVE-2021-21193 (Google Exploit)
The vulnerability exists in Google Chrome’s browser engine Blink, which used to convert HTML code to a beautiful webpage. Also, The issue was reported by an anonymous person on 2021-03-09. However, a patch management tool can patch this vulnerability.
Google added in the advisory,
Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.
Other Vulnerabilities in Google Exploit
CVE-2021-21192
The vulnerability is also a high severity issue that causes heap-buffer overflow error that stems from Chrome tab groups. Abdulrahman Alqabandi reported the vulnerability along with Microsoft Browser Vulnerability Research on 2021-02-23.
CVE-2021-21191
Patch for another high-severity use-after-free flaw released. The issue found in WebRTC (web real-time communications), which is an open-source project that gives web browsers and mobile applications interactive communications capabilities (such as voice, video, and chat). The flaw reported by Raven (@raid_akame) on 2021-01-15.
Affected Products in Google Exploit
Google Chrome version with 89.0.4389.90.
Impact
The vulnerabilities allow a remote malicious user to execute arbitrary code, exploit heap-based buffer overflow or cause a DOS (Denial Of Service) attack on the affected system.
Solution
However, Google has released the security updates addressing the issue in Google Chrome version 89.0.4389.90.
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SecPod’s SanerNow to keep your systems updated and secure.