Google fixed another 0-day vulnerability in the Chrome browser within a month.
CVE-2021-21193 — Chrome Zero-Day
A new zero-day vulnerability CVE-2021-21193 was addressed by Google.
Earlier this month, Google released an update for an “object lifecycle issue in audio” (CVE-2021-21166), a bug that was being actively exploited in the wild.
The new update contains a total of five security fixes. Google describes the zero-day, tracked as CVE-2021-21193, as a use-after-free bug in Blink.
CVE-2021-21148 was another zero-day fixed by an update within a month, a heap buffer overflow flaw.
Description
The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.
In addition, the simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:
- Error conditions and other exceptional circumstances.
- Confusion over which part of the program is responsible for freeing the memory.
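The two causes listed above, shown in C as an added example that is not taken from Google's advisory or Chrome's code; the `session` struct and all function names are hypothetical. `set_name_vulnerable` frees the object on its error path while the caller still holds the pointer, and the hardened form keeps a single owner plus one release function that clears the pointer.

```c
#include <stdlib.h>
#include <string.h>
struct session { char *name; };   /* hypothetical object, constructed here */
static char *dup_str(const char *src) {        /* portable strdup */
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, src, n) : NULL;
}

/* VULNERABLE pattern (shown for comparison, never called): the error path
 * frees s, but the caller still holds the pointer and believes it owns it. */
int set_name_vulnerable(struct session *s, const char *input) {
    if (input[0] == '\0') { free(s->name); free(s); return -1; }
    free(s->name);
    s->name = dup_str(input);
    return s->name ? 0 : -1;
}

/* HARDENED: the callee never frees the object; the caller is the only owner,
 * so an error return leaves s valid and unchanged. */
int set_name(struct session *s, const char *input) {
    if (s == NULL || input == NULL || input[0] == '\0') return -1;
    char *copy = dup_str(input);
    if (copy == NULL) return -1;
    free(s->name);
    s->name = copy;
    return 0;
}

/* Single release point: frees, then clears the owner's pointer so a later
 * use or a second release sees NULL rather than a dangling address. */
void session_release(struct session **sp) {
    if (sp == NULL || *sp == NULL) return;
    free((*sp)->name);
    free(*sp);
    *sp = NULL;
}

/* Exercises the error path and a repeated release; returns 1 if all safe. */
int demo_hardened(void) {
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL) return 0;
    int ok = set_name(s, "alice") == 0 && set_name(s, "") == -1
             && strcmp(s->name, "alice") == 0;  /* s still valid after error */
    session_release(&s);
    session_release(&s);                        /* no-op: pointer is NULL */
    return ok && s == NULL;
}
int main(void) { return demo_hardened() ? 0 : 1; }
```

Building with `-fsanitize=address` during testing reports any remaining use of freed memory at the point of access.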
However, the new 0-day bug exploit is in the V8 JavaScript rendering engine.
Google did not share information regarding these ongoing attacks. Details about access to the bug and links would be released once a majority of users are updated with a fix.
Security Recommendation
The tech giant shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out soon.
Successful exploitation of this zero-day could lead to arbitrary code execution on systems running vulnerable Chrome versions.
In short, to update Chrome 89, head to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.