Google scrambles to fix another round of Chrome vulnerabilities
New update addresses vulnerabilities in V8 and Blink
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googleis readying a new update forChrome 89after another exploit that leverages a vulnerability in its open source JavaScript and web assembly engineV8was discovered in the wild.
In total, the new update address two vulnerabilities which affect V8 and Chrome’s rendering engineBlink. Back in January, V8 was found to suffer from a high severityheap buffer overflow memory corruption bug.
Now though, a new V8 vulnerability (tracked as CVE-2021-21220) is being addressed alongside a use-after-free bug in Blink (tracked as CVE-2021-21206).
The Blink vulnerability was first discovered by Bruno Keith and Niklas Baumstark from Dataflow Security during the Zero Day Initiative’s recent Pwn2Own competition. While they did not release any proof-of-concept (PoC) code, Security researcher Rajvardhan Agarwal developed anexploit for the vulnerabilityand recently posted it on Twitter.
Chrome update 89.0.4389.128
In anew poston the Chrome Releases blog, Google explained that exploits for both the Blink vulnerability and the V8 vulnerability “exist in the wild”.
While Chrome’s Stable channel has been updated for the Windows, Mac and Linux versions of the browser and version 89.0.4389.128 is expected to be rolled out in the coming days/weeks, cybercriminals could still try to leverage these vulnerabilities in their attacks. This is because cybercriminals with advanced coding skills often try to reverse-engineer patches to discover what they protect against which allows them to target unpatched deployments.
Google Chromeusers should update their browser to the latest version once it becomes available to protect themselves from any potential exploits leveraging these vulnerabilities.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaThe Register
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
