Another Zero-Day in Google Chrome Under Active Exploitation

Mar 15, 2021 | By Mohamed Faiz | 2 min read

Google has released a second emergency update for its Chrome browser this month. Chrome version 89.0.4389.90 for Windows, Mac, and Linux fixes five security bugs, one of which is an actively exploited zero-day (CVE-2021-21193), a use-after-free in Chrome’s Blink rendering engine. The other high-severity issues addressed include a use-after-free in WebRTC (CVE-2021-21191) and a heap buffer overflow in tab groups (CVE-2021-21192). A vulnerability management tool can be used to manage exposure to this Chrome exploit.

Zero-Day CVE-2021-21193 (Google Exploit)

The vulnerability exists in Blink, Google Chrome’s browser engine, which is used to convert HTML code into a beautiful webpage. The issue was reported by an anonymous person on 2021-03-09. A patch management tool can patch this vulnerability.

Google added in the advisory,

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.”

Other Vulnerabilities in Google Exploit

CVE-2021-21192

This is also a high-severity issue: a heap buffer overflow that stems from Chrome tab groups. Abdulrahman Alqabandi reported the vulnerability along with Microsoft Browser Vulnerability Research on 2021-02-23.

CVE-2021-21191

A patch was also released for another high-severity use-after-free flaw. The issue was found in WebRTC (Web Real-Time Communications), an open-source project that gives web browsers and mobile applications interactive communication capabilities (such as voice, video, and chat). The flaw was reported by Raven (@raid_akame) on 2021-01-15.

Affected Products in Google Exploit

Google Chrome versions prior to 89.0.4389.90.

Impact

The vulnerabilities allow a remote malicious user to execute arbitrary code, trigger a heap-based buffer overflow, or cause a denial of service (DoS) on the affected system.

Solution

Google has released security updates addressing these issues in Google Chrome version 89.0.4389.90.

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SecPod’s SanerNow to keep your systems updated and secure.
