Google is readying a new update for Chrome 89 (opens in new tab) after another exploit that leverages a vulnerability in its open source JavaScript and web assembly engine V8 (opens in new tab) was discovered in the wild.
In total, the new update address two vulnerabilities which affect V8 and Chrome's rendering engine Blink (opens in new tab). Back in January, V8 was found to suffer from a high severity heap buffer overflow memory corruption bug (opens in new tab).
Now though, a new V8 vulnerability (tracked as CVE-2021-21220) is being addressed alongside a use-after-free bug in Blink (tracked as CVE-2021-21206).
- We've built a list of the best browsers (opens in new tab) available
- These are the best antivirus (opens in new tab) software solutions on the market
- Also check out our roundup of the best malware removal (opens in new tab) software
The Blink vulnerability was first discovered by Bruno Keith and Niklas Baumstark from Dataflow Security during the Zero Day Initiative's recent Pwn2Own competition. While they did not release any proof-of-concept (PoC) code, Security researcher Rajvardhan Agarwal developed an exploit for the vulnerability (opens in new tab) and recently posted it on Twitter.
Chrome update 89.0.4389.128
In a new post (opens in new tab) on the Chrome Releases blog, Google explained that exploits for both the Blink vulnerability and the V8 vulnerability “exist in the wild”.
While Chrome's Stable channel has been updated for the Windows, Mac and Linux versions of the browser and version 89.0.4389.128 is expected to be rolled out in the coming days/weeks, cybercriminals could still try to leverage these vulnerabilities in their attacks. This is because cybercriminals with advanced coding skills often try to reverse-engineer patches to discover what they protect against which allows them to target unpatched deployments.
Google Chrome (opens in new tab) users should update their browser to the latest version once it becomes available to protect themselves from any potential exploits leveraging these vulnerabilities.
- We've also highlighted the best endpoint protection (opens in new tab)
Via The Register (opens in new tab)