Google has recently updated Google Chrome, and the new version is now available for download. If you are still using an older version, you must upgrade to Chrome 89 immediately so that you can browse securely on Windows, Mac and Linux.
Chrome version 89.0.4389.90 brings a fix for a major zero-day vulnerability, CVE-2021-21193. This zero-day is described as a use after free in Blink. It was reported by an external researcher.
Google did not provide much detail about the bug fixes in this Chrome release. However, it mentions that there are reports that this vulnerability has already been exploited in the wild.
The update consists of a total of five fixes. Three of the vulnerabilities, reported by external researchers, are [$500][1167357] High CVE-2021-21191, [$TBD][1181387] High CVE-2021-21192 and [$TBD][1186287] High CVE-2021-21193.
Raven (@raid_akame) reported CVE-2021-21191, a use after free in WebRTC. CVE-2021-21192 is a heap buffer overflow in tab groups. It was reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, on 2021-02-23. The “Use after free in Blink” (aka CVE-2021-21193) was reported by Anonymous on 2021-03-09.
A heap buffer overflow in V8, affecting versions prior to 88.0.4324.150, was fixed a month ago. Exploiting this vulnerability could allow a remote attacker to cause heap corruption through a crafted HTML page.
Google will soon add a new security feature to the MS Edge and Chrome browsers to protect them against vulnerabilities.
This new feature is CET, or Control-flow Enforcement Technology, introduced in 2016. Last year, it was added to Intel’s 11th generation CPUs. It focuses on shielding programs from ROP (Return Oriented Programming) and JOP (Jump Oriented Programming) attacks.
Both of these attacks are used to bypass the sandboxes of web browsers or to perform remote code execution. CET, with the help of Intel, will block such actions.