Google released Chrome 89 with several security fixes, including a fix for a Chrome zero-day bug that is being exploited in the wild.
The zero-day bug is rated high severity and is an object lifecycle issue in audio; it allows attackers to exploit the browser and take full control of it.
The vulnerability (CVE-2021-21166) was reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-11.
“Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild”, Google said.
The security update includes 47 security patches: 8 High severity bugs, 16 Medium severity bugs, and 23 Low severity bugs.
Google paid the highest reward, $10,000, for a heap buffer overflow in TabStrip (CVE-2021-21159) that was reported by Khalil Zhani on 2021-01-27.
Another heap buffer overflow in TabStrip (CVE-2021-21161), reported by Khalil Zhani, and a heap buffer overflow in WebAudio (CVE-2021-21160), reported by Marcin ‘Icewall’ Noga of Cisco Talos, each received a $7,500 bounty from Google; both vulnerabilities are categorized as high severity.
Other High Severity Vulnerabilities
- [$5000] High CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous on 2021-01-29
- [$TBD] High CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30
- [$TBD] High CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported by Muneaki Nishimura (nishimunea) on 2021-01-11
- [$TBD] High CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-04
- [$TBD] High CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-11
Tools Used to Detect Bugs
Many of these security bugs were detected using the tools mentioned below:
Since Google Chrome is one of the most popular web browsers, threat actors constantly target it with new vulnerabilities. Users are strongly recommended to update the browser to avoid being targeted by the active exploit.
How to Update?
- The user has to click the three-dot menu in the upper-right corner of the window.
- From the menu list, the user then selects the “Help” option.
- Next, the user selects the “About Google Chrome” option.
- Opening that menu item automatically triggers Chrome to check for any available updates.
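For administrators who need to confirm that machines actually moved to Chrome 89 rather than rely on each user following the steps above, here is an added example (not part of the original article) that parses the version string Chrome prints for `--version` and reports whether a build predates the Chrome 89 fixes. It assumes, as the article states, that any Chrome 89 build carries the fixes; the sample version strings are constructed for offline use.

```python
import re
import subprocess
from typing import Optional, Tuple

# First major version containing the fixes described in the advisory (Chrome 89).
FIXED_MAJOR = 89

# `google-chrome --version` (Linux/macOS) prints e.g. "Google Chrome 88.0.4324.150";
# on Windows the same four-part string is the "version" value Chrome writes to the registry.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the four-part Chrome version from a --version line or registry value."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(p) for p in m.groups())
    return (major, minor, build, patch)


def is_patched(version: Tuple[int, int, int, int]) -> bool:
    """True if the build is at least the first Chrome 89 release (major version compare)."""
    return version[0] >= FIXED_MAJOR


def assess(version_text: str) -> str:
    """Human-readable verdict used by the fleet report."""
    v = parse_chrome_version(version_text)
    if v is None:
        return "unknown: could not parse a Chrome version from %r" % version_text
    label = ".".join(map(str, v))
    if is_patched(v):
        return "ok: Chrome %s includes the Chrome 89 fixes" % label
    return "UPDATE REQUIRED: Chrome %s predates Chrome 89 (CVE-2021-21166 is exploited in the wild)" % label


def local_chrome_version() -> Optional[str]:
    """Best-effort query of a locally installed browser; binary names are assumptions."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        try:
            return subprocess.run([exe, "--version"], capture_output=True, text=True, timeout=5).stdout.strip()
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
    return None


if __name__ == "__main__":
    # Constructed sample strings so the check can be exercised without Chrome installed.
    for sample in ("Google Chrome 88.0.4324.150", "Google Chrome 89.0.4000.0", "Chromium 90.0.4000.0", "not installed"):
        print(assess(sample))
    live = local_chrome_version()
    if live:
        print("local:", assess(live))
```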