Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild.
Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an “object lifecycle issue in audio.”
Tracked as CVE-2021-21166, the security flaw is one of the two security bugs reported last month by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate object lifecycle flaw, also identified in the audio component, was reported to Google on February 4, the same day the stable version of Chrome 88 became available.
With no additional details, it's not immediately clear if the two security shortcomings are related.
Google acknowledged that an exploit for the vulnerability exists in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes and prevent other threat actors from creating exploits targeting this zero-day.
“Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” Chrome Technical Program Manager Prudhvikumar Bommana said.
This is the second zero-day flaw addressed by Google in Chrome since the start of the year.
Additionally, Google last year resolved five Chrome zero-days that were actively exploited in the wild in a span of one month between October 20 and November 12.
Chrome users can update to Chrome 89 by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.