Google has released a new update of its popular Chrome web browser for Windows, Mac, and Linux. The update includes patches for two recently found security bugs, both of which are reportedly exploited in the wild, enabling threat actors to actively take advantage of them.
The Google team acted quickly to fix the vulnerability demonstrated in the contest. Over the weekend, however, security researcher Rajvardhan Agarwal published a post on Twitter that revealed an exploit of the patch that the Chromium team released for the open-source component. Agarwal used reverse engineering to reveal working exploit code for the zero-day remote code execution vulnerability.
According to the available information, the discovered vulnerability affects Google Chrome, Microsoft Edge, and other Chromium-based browsers such as Opera and Brave.
Another flaw that Google recently fixed is in its Blink browser engine and is tracked as CVE-2021-21206. The vulnerability was reported on the 7th of April by a researcher who has remained anonymous.
0-day attacks on Google Chrome
Chrome’s Technical Program Manager noted in a post that Google is aware of reports that exploits for CVE-2021-21206 and CVE-2021-21220 exist. However, the existence of exploits does not automatically mean that the flaws are actively exploited by hackers. Presently it is not known whether malicious actors are actively targeting the two reported flaws.
Since the beginning of this year, Google has already addressed three Chrome vulnerabilities (CVE-2021-21148, CVE-2021-11166, and CVE-2021-21193) that have been actively attacked.
A new Chrome 89.0.4389.128 version could be released by the company in the next few days. Users who want to be safe and eliminate the security risks related to the latest vulnerabilities should upgrade to the new release by going to Settings > Help > About Google Chrome.