3 March 2021

Google addresses actively exploited Chrome zero day vulnerability


Google addresses actively exploited Chrome zero day vulnerability

Google has released Chrome 89.0.4389.72 version for Windows, Mac, and Linux, which contains a number of improvements and patches for multiple vulnerabilities, including a zero day flaw that has been observed being exploited in the wild.

The zero day flaw, tracked as CVE-2021-21166, is a remote code execution bug, which exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Google said that it is aware of the vulnerability being exploited in the wild, however, the company did not provide additional information regarding the attacks or a threat actor behind them.

CVE-2021-21166 is a second Chrome zero day vulnerability patched by Google this year. Last month, the tech giant released the Chrome 88.0.4324.150 version to address a heap-based overflow issue (CVE-2021-21148) in V8 JavaScript engine that allowed to execute arbitrary code on the target system by tricking a user into visiting a malicious web page.

In addition to CVE-2021-21166, Chrome 89.0.4389.72 contains fixes for a number of high risk vulnerabilities (CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21178, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21165, CVE-2020-27844) that could allow a remote attacker to execute arbitrary code on the system or gain access to sensitive information.

Back to the list

Latest Posts

Chinese hackers reportedly behind hundreds cyber attacks in Japan

Chinese hackers reportedly behind hundreds cyber attacks in Japan

The attacks targeted nearly 200 companies and organizations in Japan, including the country's space agency and defence firms.
20 April 2021
Lazarus APT has found a clever way to conceal its malicious code

Lazarus APT has found a clever way to conceal its malicious code

The hacker group is now using BMP images to drop its RAT.
20 April 2021
Reuters: Hundreds of customer networks breached in Codecov supply-chain attack

Reuters: Hundreds of customer networks breached in Codecov supply-chain attack

Hackers have used Bash Uploader to gain access to hundreds of networks belonging to the company’s customers.
20 April 2021