Google fixes second actively exploited Chrome zero-day this month

Google fixes second actively exploited Chrome zero-day this month
Google fixes second actively exploited Chrome zero-day this month

Google has warned of reports that the zero-day vulnerability in the Chrome browser has been exploited. Google’s announcement, released on Tuesday, also marks the release of Chrome 89 to a stable desktop channel for Windows, Mac, and Linux machines currently being deployed. Users should update to Chrome 89.0.4389.72 when it becomes available.

Chrome version 89.0.4389.72 includes many other security fixes and browser improvements. A total of severe stack buffer overflows in TabStrip (CVE-2021-21159), another stack buffer overflow in WebAudio (CVE-2021-21160), post-release usage issues in WebRTC (CVE), etc. 47 bugs have been fixed. -2021-21162). A total of 8 vulnerabilities are considered to be of high severity. Google added that most users could remain restricted access to bug and link details until they are updated with a fix. Keep limits even if there are bugs in third-party libraries that other projects depend on but haven’t been fixed yet.

Google has released a fix for CVE-2021-21148. This is a stack buffer overflow in the Chrome V8 JavaScript engine, which is also being actively exploited. Google has fixed its second zero-day active use of Chrome this month with the release of Chrome 89.0.4389.90 on Steady desktop channels for Windows, Mac, and Linux users. According to the release statement, Google is aware of reports that the CVE-2021-21193 exploit exists.

There is no information about continuous attacks. Zero-day, recorded as CVE-2021-21193, was classified as a high-severity vulnerability by Google and reported by confidential scientists on Tuesday.

Google describes it as a completely free post-bug use of Blink, an open-source internet browser rendering engine established by Chrome Tasks with contributions from Google, Facebook, Microsoft, and others. Effective use of this zero-day attack can lead to rough code execution on systems running Chrome-sensitive variations.

Although Google claims to know about the aggressive exploitation of CVE-2021-21193, it did not share information about these ongoing attacks. “Access to bug and link details may be restricted until most users are updated with a fix,” Google said.

If you are looking for free guest posting website, then get in touch with us now

Leave a Reply

Your email address will not be published. Required fields are marked *