Google Chrome Exploit in the Wild (CVE-2021-21193)

Overview

On March 12, 2021, Google released an update for the Chrome browser. According to Google, the Stable Channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks.

Description

The Google Chrome team has fixed 5 high-severity security bugs, one of which, CVE-2021-21193, is being exploited in the wild. According to Google, 3 of these security bugs were reported by external security researchers, while the remaining two were found during internal audits.

    • CVE-2021-21191: Use-After-Free (UAF) vulnerability in WebRTC.
    • CVE-2021-21192: Heap buffer overflow vulnerability in tab groups.
    • CVE-2021-21193: Use-After-Free (UAF) vulnerability in Blink.

Google is aware that an exploit for CVE-2021-21193 exists in the wild.

Affected Version

Google Chrome versions prior to 89.0.4389.90.

Mitigation

Google has fixed these vulnerabilities in Chrome version 89.0.4389.90. Customers are advised to upgrade to Google Chrome Stable Channel version 89.0.4389.90 for Windows, Mac, and Linux.
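
Because the update rolls out over days or weeks, it helps to confirm which hosts are still below the fixed version. The following is an added example, not part of the original advisory or any Google or Qualys tooling: it classifies version strings (as printed by `google-chrome --version`) against 89.0.4389.90 using numeric comparison, since plain string comparison misorders builds such as 89.0.4389.114 and 100.x. The host names and inventory are constructed samples.

```python
import re

# Fixed Stable Channel version stated in the advisory.
FIXED = (89, 0, 4389, 90)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the four-part version in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Classify one version string as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # never treat an unreadable version as patched
    # Tuple comparison is numeric per component, so 114 > 90 and 100 > 89.
    return "vulnerable" if version < FIXED else "patched"


def needs_attention(inventory):
    """Return sorted hosts that are vulnerable or whose version is unknown."""
    return sorted(h for h, raw in inventory.items() if classify(raw) != "patched")


# Constructed sample inventory: host name -> collected version output.
SAMPLE = {
    "ws-001": "Google Chrome 89.0.4389.82",
    "ws-002": "Google Chrome 89.0.4389.90",
    "ws-003": "Google Chrome 89.0.4389.114",  # a string compare would flag this
    "ws-004": "Google Chrome 100.0.4896.60",  # and this one
    "ws-005": "Google Chrome 88.0.4324.190",
    "ws-006": "chrome: command not found",
}

if __name__ == "__main__":
    for host, raw in sorted(SAMPLE.items()):
        print(f"{host}: {classify(raw)}")
    print("follow up:", ", ".join(needs_attention(SAMPLE)))
```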

Qualys Detection

Qualys customers can detect vulnerable instances/assets with QID 375378.

References

https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
