Zero-Day

Google has released its second emergency update for Chrome this month. Chrome version 89.0.4389.90 for Windows, Mac and Linux fixes five security bugs, one of which (catalogued as CVE-2021-21193) has to do with unprotected memory in Chrome's Blink rendering engine. Two of the other four flaws in were reported by non-Google parties. One is a memory-handling flaw in WebRTC, the multimedia engine built into modern web browsers; its pseudonymous finder, "raven," will get a $500 bug bounty for their troubles. The other is a heap buffer overflow — a memory overrun in Chrome tab groups, which was found by Microsoft Browser Vulnerability Research team. Google discovered and fixed two other flaws on its own and isn't providing any details about those yet. On March 2, Google had patched 47 Chrome security flaws, including an audio flaw that was already being exploited in the wild.

CLICK HERE > to see our post