It looks like a third zero-day flaw has been found in Google Chrome and it could affect Mac, Windows and Linux users. This would be the third Google Chrome zero-day vulnerability to be disclosed in the past three months.

On the 2nd of March, Chrome released a fix for another critical bug in the browser’s audio component, and just weeks earlier, Google had issued a patch for a flaw in the browser’s JavaScript engine.

The vulnerability, tracked as CVE-2021-21193, is rated 8.8 out of 10 on the CVSS vulnerability-rating scale, making it a high-severity flaw.

Use after free in Blink in Google Chrome before 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.


It also seems that the vulnerability has already been exploited in the wild. Google is therefore working to fix the flaw in the Chrome browser while it is under active attack, and is encouraging users to update to version 89.0.4389.90 in order to remain safe.

The Stable channel has been updated to 89.0.4389.90 for Windows, Mac, and Linux which will roll out over the coming days/weeks.

Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.
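To check a fleet against the fixed version named above, the following added example (not from Google or the original article) compares reported Chrome version strings with 89.0.4389.90 field by field. The hostnames and version readings in `SAMPLE` are constructed, and the input is assumed to be text in the shape printed by `google-chrome --version` or shown on the About page.

```python
import re

# Fixed version named in the article; builds below it are affected.
FIXED = (89, 0, 4389, 90)

# Four dot-separated numeric fields, as in "89.0.4389.90".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text, fixed=FIXED):
    """True if at or above the fixed build, False if older, None if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return None
    # Tuple comparison is numeric per field. Comparing the raw strings would
    # wrongly rank "89.0.4389.128" and "100.0.4896.60" below "89.0.4389.90".
    return v >= fixed


def audit(inventory):
    """Map host -> 'patched' | 'VULNERABLE' | 'unknown' for (host, text) pairs."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(text)] for host, text in inventory}


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 89.0.4389.90"),
    ("ws-02", "Google Chrome 89.0.4389.82"),
    ("ws-03", "Google Chrome 89.0.4389.128"),
    ("mac-07", "Version 88.0.4324.192 (Official Build) (x86_64)"),
    ("lin-11", "Google Chrome 100.0.4896.60"),
    ("kiosk-2", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check rather than being counted as safe.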

