Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing 47 security vulnerabilities. This release includes one very critical Zero-Day exploit exploited in the wild. This vulnerability tracked as CVE-2021-21166. However, Endpoints that have not been patched are advised to deploy patches ASAP using a patch management solution. Moreover, the other high-severity issues addressed include three heap-buffer overflow flaws in the TabStrip (CVE-2021-21159, CVE-2021-21161) and WebAudio (CVE-2021-21160) components, a use-after-free error (CVE-2021-21162) found in WebRTC, a data validation issue in Reader Mode (CVE-2021-21163) and Chrome for iOS (CVE-2021-21164).
The advisory also patches another 26 vulnerabilities which were tracked using a vulnerability scanning tool tracked as
CVE-2021-21165, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169,
CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173,
CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177,
CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2020-27844,
CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184,
CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188,
CVE-2021-21189, CVE-2021-21190
Also, At the time of writing, details on the POC have not made public.
Zero-Day CVE-2021-21166
The wildly-exploited vulnerability exists in the audio component of the browser. It arises from an object lifecycle issue in audio. Object lifecycle is the life span of a programming language object. Also, This issue discovered and reported by Alison Huffman from the Microsoft Browser Vulnerability Research team. However, This is the second zero-day addresses in Chrome this year.
Google added in the advisory,
Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild.
Affected products
Google Chrome versions before 89.0.4389.72.
Impact of Google Chrome Security updates
The vulnerabilities allow attackers to cause a program to crash, execute code, obtain potentially sensitive information, and bypass security restrictions on the affected system.
Solution
Google has released the security updates addressing the issue in Google Chrome version 89.0.4389.72.
SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.