On March 12, 2021, Google released an update for the Chrome browser. According to Google, the Stable Channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks.
The Google Chrome team has fixed 5 high-severity security bugs, one of which, CVE-2021-21193, is being exploited in the wild. According to Google, 3 of these security bugs were reported by external security researchers, while the remaining two were found during internal audits.
- CVE-2021-21191: Use-After-Free (UAF) vulnerability in WebRTC.
- CVE-2021-21192: Heap buffer overflow vulnerability in tab groups.
- CVE-2021-21193: Use-After-Free (UAF) vulnerability in Blink.
Google is aware that an exploit for CVE-2021-21193 exists in the wild.
Affected versions: Google Chrome versions prior to 89.0.4389.90.
Google has fixed these vulnerabilities in Chrome version 89.0.4389.90. Customers are advised to upgrade to Google Chrome Stable Channel version 89.0.4389.90 for Windows, Mac, and Linux.
Qualys customers can detect vulnerable instances/assets with QID 375378.