Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux, which contains a number of improvements and patches for multiple vulnerabilities, including a zero-day flaw that has been observed being exploited in the wild.
The zero-day flaw, tracked as CVE-2021-21166, is a remote code execution bug that exists due to improper control of object lifetime in the audio component of Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a stack-based buffer overflow, and execute arbitrary code on the system.
Google said that it is aware of the vulnerability being exploited in the wild; however, the company did not provide additional information regarding the attacks or a threat actor behind them.
In addition to CVE-2021-21166, Chrome 89.0.4389.72 contains fixes for a number of high-risk vulnerabilities (CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21178, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21165, CVE-2020-27844) that could allow a remote attacker to execute arbitrary code on the system or gain access to sensitive information.