Microsoft patches active zero-day Chromium flaw in Edge

Vulnerability was being exploited in the wild, but Google and Microsoft quick to issue fixes

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A fix for a severe vulnerability inGoogle’s Chromiumweb browserthat was reportedly being exploited in the wild has now been applied to the stable branch of the MicrosoftEdge browser.

The vulnerability, tracked as CVE-2021-21193, was reported by an anonymous security researcher earlier in March. Google rushed out apatchforGoogle Chromesoon after, and nowMicrosofthas rolled it into its Chromium-based Edge browser too.

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” noted the search engine giant as itreleased an updatefor Google Chrome to address the vulnerability as well as a couple of others.

Blink engine vulnerability

The vulnerability, which ranks 8.8 out of 10 in the CVSS vulnerability rating scale, making it high-severity, exists in the Blink rendering engine.

It’s described as a use-after-free vulnerability, which experts suggest exists due to the incorrect use of dynamic memory during the execution of an app, which is the Blink rendering engine in this case.

Reportedly, due to Blink’s inability to properly clear its memory, it allowed an attacker to execute arbitrary code or corrupt data. Google however didn’t share any details about how the vulnerability was being exploited, apart from stating that it was aware of the flaw being used by hackers.

Microsoft has now followed Google’s stead and has released patches for the Blink vulnerability in the stable channel of its Edge web browser, which is powered by the same Blink engine as Google’s Chrome.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:MSPowerUser

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’