Overview
On March 12, 2021, Google released an update for the Chrome browser. According to Google, the Stable Channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks.
Description
The Google Chrome team has fixed 5 high-severity security bugs, of which CVE-2021-21193 is being exploited in the wild. According to Google, 3 of these security bugs were reported by external security researchers, while the remaining two were found during internal audits.
- CVE-2021-21191: Use-After-Free (UAF) vulnerability in WebRTC.
- CVE-2021-21192: Heap buffer overflow vulnerability in tab groups.
- CVE-2021-21193: Use-After-Free (UAF) vulnerability in Blink.
Google is aware that an exploit for CVE-2021-21193 exists in the wild.
Affected Version
Google Chrome versions prior to 89.0.4389.90.
Mitigation
Google has fixed these vulnerabilities in Chrome version 89.0.4389.90. Customers are advised to upgrade to Google Chrome Stable Channel version 89.0.4389.90 for Windows, Mac, and Linux.
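A check for the affected-version rule above, added here as an example (it is not code from Google or Qualys): it compares reported Chrome version strings numerically against 89.0.4389.90, because plain string comparison misorders multi-digit components. The host names and sample versions are constructed, and the "Google Chrome <version>" input format is an assumption about how the inventory reports versions.

```python
import re

# Fixed Stable Channel version stated in this advisory.
FIXED = (89, 0, 4389, 90)

# Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(text):
    """Classify one reported version string against the fixed version."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never treat unparseable data as patched
    # Tuples of ints compare component by component, unlike strings.
    return "vulnerable" if v < FIXED else "patched"


def triage(inventory):
    """Map host -> status for an inventory of {host: reported version string}."""
    return {host: status(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version values).
SAMPLE = {
    "ws-01": "Google Chrome 89.0.4389.82",
    "ws-02": "Google Chrome 89.0.4389.90",
    "ws-03": "Google Chrome 89.0.4389.100",  # "100" < "90" as strings
    "ws-04": "Google Chrome 100.0.1000.10",  # "100" < "89" as strings
    "ws-05": "Google Chrome 88.0.1000.200",
    "ws-06": "version not reported",
}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE).items()):
        print(f"{host}: {result}")
```

Hosts that come back as "unknown" need manual follow-up rather than being counted as patched.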
Qualys Detection
Qualys customers can detect vulnerable instances/assets with QID 375378.
References
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html