Google Is Announcing Another Chrome Zero-Day Flaw
This will be the third flaw disclosed by Google in the past three months.
It looks like a third zero-day flaw has been found in Google Chrome and it could affect Mac, Windows and Linux users. This would be the third Google Chrome zero-day vulnerability to be disclosed in the past three months.
The vulnerability named CVE-2021-21193 is rated at 8.8 out of 10 on the CVSS vulnerability-rating scale, making it a high-severity flaw.
Use after free in Blink in Google Chrome before 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
It also seems that the vulnerability has already been exploited in the wild, therefore Google is currently trying to fix the vulnerability on the Chrome browser which is under active attack, whilst encouraging its users to update to version 89.0.4389.90 in order to remain safe.
The Stable channel has been updated to 89.0.4389.90 for Windows, Mac, and Linux which will roll out over the coming days/weeks.
Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.