Google fixed another 0-day vulnerability in the Chrome browser within a month.
CVE-2021-21193 — Chrome Zero-Day
A new zero-day vulnerability CVE-2021-21193 was addressed by Google.
Earlier this month, Google released an update for an “object lifecycle issue in audio” (CVE-2021-21166), a bug that was being actively exploited in the wild.
CVE-2021-21148 — Another update within a month for a zero-day bug, this one exploiting a heap buffer overflow flaw.
The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.
In addition, the simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:
- Error conditions and other exceptional circumstances.
- Confusion over which part of the program is responsible for freeing the memory.
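The two causes above in a minimal C sketch, added here as an illustration and not taken from Chrome or from the original article; `buffer_t` and every function name are hypothetical. The unsafe function shows the pattern, and the hardened functions give the buffer a single owner and clear the pointer on release.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer object, constructed for this illustration. */
typedef struct { char *data; size_t cap; } buffer_t;

/* VULNERABLE pattern, shown for contrast and never called here.
 * Cause 1: the error path frees the memory. Cause 2: the caller still
 * believes it owns b->data and will later read or free a dangling pointer. */
int fill_unsafe(buffer_t *b, const char *src) {
    if (strlen(src) >= b->cap) {
        free(b->data);              /* callee frees on error ... */
        return -1;                  /* ... and b->data now dangles */
    }
    strcpy(b->data, src);
    return 0;
}

/* HARDENED: the caller is the only owner, and the single release routine
 * clears the pointer so any later use is detectable. */
void buffer_release(buffer_t *b) {
    free(b->data);                  /* free(NULL) is a no-op */
    b->data = NULL;
    b->cap = 0;
}

/* Reports the error and leaves ownership untouched. */
int fill_safe(buffer_t *b, const char *src) {
    if (b->data == NULL || strlen(src) >= b->cap)
        return -1;
    strcpy(b->data, src);
    return 0;
}

/* Length of the stored string, or -1 if the buffer was already released. */
int buffer_len(const buffer_t *b) {
    return b->data ? (int)strlen(b->data) : -1;
}

int main(void) {
    buffer_t b = { calloc(8, 1), 8 };
    if (!b.data) return 1;
    int ok = fill_safe(&b, "abc"), bad = fill_safe(&b, "too long for 8");
    printf("fill=%d overflow=%d len=%d\n", ok, bad, buffer_len(&b));
    buffer_release(&b);
    buffer_release(&b);             /* second release is harmless */
    printf("len after release=%d\n", buffer_len(&b));
    return 0;
}
```

Building the unsafe variant into a test harness with AddressSanitizer (`-fsanitize=address`) reports the dangling access at the point of use, which is how this class of bug is usually caught before release.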
But Google did not share information regarding these ongoing attacks. However, access to bug details and links would be released once a majority of users are updated with a fix.
The tech giant shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out soon.
However, successful exploitation of this zero-day could lead to arbitrary code execution on systems running vulnerable Chrome versions.
In short, to update Chrome 89, head to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.