Skip to main content

Google scrambles to fix another round of Chrome vulnerabilities

Google Chrome
(Image credit: Shutterstock)
Audio player loading…

Google is readying a new update for Chrome 89 (opens in new tab) after another exploit that leverages a vulnerability in its open source JavaScript and web assembly engine V8 (opens in new tab) was discovered in the wild.

In total, the new update address two vulnerabilities which affect V8 and Chrome's rendering engine Blink (opens in new tab). Back in January, V8 was found to suffer from a high severity heap buffer overflow memory corruption bug (opens in new tab)

Now though, a new V8 vulnerability (tracked as CVE-2021-21220) is being addressed alongside a use-after-free bug in Blink (tracked as CVE-2021-21206).

The Blink vulnerability was first discovered by Bruno Keith and Niklas Baumstark from Dataflow Security during the Zero Day Initiative's recent Pwn2Own competition. While they did not release any proof-of-concept (PoC) code, Security researcher Rajvardhan Agarwal developed an exploit for the vulnerability (opens in new tab) and recently posted it on Twitter.

Chrome update 89.0.4389.128

In a new post (opens in new tab) on the Chrome Releases blog, Google explained that exploits for both the Blink vulnerability and the V8 vulnerability “exist in the wild”.

While Chrome's Stable channel has been updated for the Windows, Mac and Linux versions of the browser and version 89.0.4389.128 is expected to be rolled out in the coming days/weeks, cybercriminals could still try to leverage these vulnerabilities in their attacks. This is because cybercriminals with advanced coding skills often try to reverse-engineer patches to discover what they protect against which allows them to target unpatched deployments.

Google Chrome (opens in new tab) users should update their browser to the latest version once it becomes available to protect themselves from any potential exploits leveraging these vulnerabilities.

Via The Register (opens in new tab)

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.