Google Patched Two New Zero-Day Bugs – Also, Chrome 90 Rolled Out!

Google has recently released the new Chrome 90 browser version to its users. This update arrived shortly after Google addressed two new Chrome zero-day bugs that caught public attention.

Two New Zero-Day Bugs In Chrome Browser

Reportedly, Google has recently addressed two new Chrome zero-day bugs within a week.

In brief, the first of these caught public attention a few days ago when researchers from Dataflow Security demonstrated it at the recent Pwn2Own 2021 hacking contest. This vulnerability, tracked as CVE-2021-21220, affected the V8 JavaScript rendering engine.

Shortly after its disclosure, another researcher, Rajvardhan Agarwal, published a working exploit for it, thus pushing for a fix indirectly. (This exploit also risked other Chromium-based browsers as well, such as Microsoft Edge, Opera, and Brave.)

A few days later, another user dropped a second zero-day publicly on Twitter.

The following video demonstrates the exploit.

Update To The Latest Chrome 90

Following the bug reports, Google deployed the patches for both with the release of Chrome version 89.0.4389.128. Thus, anyone running this version on their systems should remain protected from potential exploitation of the zero-day flaws.

However, recently, Google has released Chrome 90 as well. It’s the latest Chrome browser version that brings prominent updates.

As described in Google’s post, the new Chrome 90 blocks downloading from HTTP by default if the target website has an HTTPS. The tech giant first announced this change in March 2021, pledging it for Chrome 90.

Alongside this change, Chrome also brings with it the patches for 37 different security vulnerabilities. This also includes some notable high-severity vulnerabilities as well that made the researchers win huge bounties.

Though, Google, like always, hasn’t shared any details of the flaws yet out of security. Yet, as evident, the fixes address 6 high-severity, 10 medium-severity, and 3 low-severity flaws.

Therefore, users should ensure updating their systems with the latest Chrome browser version for a safer browsing experience.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients