Home > Cyber News > CVE-2021-21193 Zero-Day in Chrome, Update to Version 89.0.4389.90
CYBER NEWS

CVE-2021-21193 Zero-Day in Chrome, Update to Version 89.0.4389.90

CVE-2021-21193 google chromeIf you haven’t recently checked what version of Google Chrome you are using, you should definitely check. Google recently addressed another actively exploited zero-day vulnerability in its browser, CVE-2021-21193.

This is the second time Google releases such an update within a month. In fact, it should be noted that the update consists of five fixes.

To be secure, you should be running Chrome version 89.0.4389.90 for Windows, Mac, and Linux operating systems.

More about CVE-2021-21193

This zero-day is described as “Use after free in Blink.” It was reported by an external researcher.

Google hasn’t provided much information about the bugs fixed with the latest Chrome stable release. However, the company has said that there are reports about the zero-day being exploited in the wild.





Three of the vulnerabilities were reported by external researchers, with bug bounties paid out:

[$500][1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15
[$TBD][1181387] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23
[$TBD][1186287] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09

About a month ago, Google fixed a Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150. The vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google to include a new security feature against vulnerabilities

On the positive side, a new security improvement of Microsoft Edge and Google Chrome will be added to the browsers soon. Both Chrommium-based browsers will support a new security feature provided by Intel whose purpose is to protect against vulnerabilities.

Called CET, or Control-flow Enforcement Technology, the feature is based on a hardware component first introduced in 2016 and added to Intel’s 11th generation CPUs last year. Its purpose is to shield programs from Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks.

In terms of browser security, ROP and JOP attacks include bypassing the browser’s sandbox or performing remote code execution. The CET feature provided by Intel will block these attempts by enabling exceptions when the natural flow is altered.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...