Google is rushing to release a fix for a zero-day vulnerability found in its Chrome browser, the third zero-day found in as many months. The vulnerability affects Chrome on Windows, Mac, and Linux, covering most operating system versions and potentially affecting millions of users.
Another Zero-Day Vulnerability Affecting Google Chrome
The Chrome vulnerability is a "use after free" bug in Blink, an open-source browser rendering tool that is part of the Chromium project.
Google is tracking the issue as CVE-2021-21193, and it is rated 8.8 out of 10 on the CVSS vulnerability rating scale, marking it a high-severity issue.
Use after free refers to a program attempting to access previously allocated memory. The "use after free" vulnerability could result in issues "ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw."
Simply put, if exploited, it could be a major issue.
Google later announced an update to the Google Chrome browser in a post on the Chrome Releases Blog.
The Stable channel has been updated to 89.0.4389.90 for Windows, Mac and Linux which will roll out over the coming days/weeks.
The blog post acknowledges that the update is required to fix the potentially serious issue. Furthermore, it also notes that Google is keeping the lid on the details of the vulnerability until it can roll the critical security patch out to its users.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.
As with many critical vulnerabilities of this type, the chance of regular users encountering an exploit of this nature in the wild is low. While it is a dangerous vulnerability in the Google Chrome browser, it requires an attacker to lure a victim to a vulnerable website to exploit the vulnerability.
When Will Google Chrome Update?
As per the official Chrome blog post, the update is live and will arrive on your system in the coming days. Just keep your eyes peeled for the Chrome update. The three-bar Settings menu icon will turn yellow, then red if you don't install it straight away when it arrives.
It has been a tricky few months for Google, with security researchers and indeed, Google themselves finding vulnerabilities in its Chrome browser. However, Google always moves quickly to resolve any issues, and as such, Chrome doesn't remain vulnerable for long.