Google has warned of reports that the zero-day vulnerability in the Chrome browser has been exploited. Google’s announcement, released on Tuesday, also marks the release of Chrome 89 to a stable desktop channel for Windows, Mac, and Linux machines currently being deployed. Users should update to Chrome 89.0.4389.72 when it becomes available.
Chrome version 89.0.4389.72 includes many other security fixes and browser improvements. A total of severe stack buffer overflows in TabStrip (CVE-2021-21159), another stack buffer overflow in WebAudio (CVE-2021-21160), post-release usage issues in WebRTC (CVE), etc. 47 bugs have been fixed. -2021-21162). A total of 8 vulnerabilities are considered to be of high severity. Google added that most users could remain restricted access to bug and link details until they are updated with a fix. Keep limits even if there are bugs in third-party libraries that other projects depend on but haven’t been fixed yet.
There is no information about continuous attacks. Zero-day, recorded as CVE-2021-21193, was classified as a high-severity vulnerability by Google and reported by confidential scientists on Tuesday.
Google describes it as a completely free post-bug use of Blink, an open-source internet browser rendering engine established by Chrome Tasks with contributions from Google, Facebook, Microsoft, and others. Effective use of this zero-day attack can lead to rough code execution on systems running Chrome-sensitive variations.
Although Google claims to know about the aggressive exploitation of CVE-2021-21193, it did not share information about these ongoing attacks. “Access to bug and link details may be restricted until most users are updated with a fix,” Google said.