Google Patched Second Chrome Zero-Day Within A Month

Google has just released a second patch for another zero-day affecting its Chrome browser. While the fix is out, the bug already caught the attention of criminal hackers. Thus, users should rush to update their Chrome browsers at the earliest.

Another Chrome Zero-Day

Reportedly, Google has just released an urgent update to its Chrome browser. This update addresses a serious zero-day bug affecting the Chrome browser.

To prevent extensive damages, Google hasn’t shared explicit details about the flaw. Yet, they did mention a high-severity vulnerability, CVE-2021-21193, affecting the Blink rendering engine.

Google has identified this bug as a ‘use after free’ flaw.

Also, they have confirmed the bug to be under active exploitation. As stated in their post,

Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.

The tech giant got to know of this bug via an anonymous reporter. Consequently, Google released a fix for it with the latest browser version 89.0.4389.90 for Windows, Mac, and Linux.

Aside from this zero-day, Google has also patched two other high-severity vulnerabilities affecting the browser. These include a use after free bug in WebRTC (CVE-2021-21191), and a heap buffer overflow affecting the tabs group (CVE-2021-21192).

Second Zero-Day In Days

The present fix marks the second zero-day in Chrome that Google has addressed in consecutive weeks.

Recently, they rolled out the Chrome version 89.0.4389.72 addressing the zero-day, CVE-2021-21166. This vulnerability caught the attention of a Microsoft researcher who then reported it to Google. This was a relatively larger update since it included 46 other security fixes as well.

Whereas, the latest version addresses only three vulnerabilities.

Still, given the patch for a zero-day, this update demands immediate attention from Chrome users.

To update their devices manually, users may follow this path: Menu > Help > About Google Chrome.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients