For the third time this year, Google has released security updates to fix a zero-day vulnerability in its Chrome browser that is being exploited in the wild. The vulnerability, tracked as CVE-2021-21193, exists in the Blink rendering engine.
The security patch is available in the latest version, 89.0.4389.90, for Linux, Windows, and Mac platforms in Google’s Stable Channel Update for Desktop. While the vulnerability was discovered by an anonymous researcher, Google did not reveal more details about the flaw, to avoid exploitation by threat actors. Google also released patches for two other high-severity vulnerabilities: CVE-2021-21191 in WebRTC, and the heap buffer overflow flaw CVE-2021-21192.
Google Addressed 37 Critical Flaws
In its March 2021 Android Security Bulletin, Google addressed 37 vulnerabilities in its Android Operating System, including a critical flaw in the System component. All the flaws are rated highly severe and, if exploited, could allow a remote attacker to launch remote code execution, elevation of privilege, and information disclosure attacks. The critical vulnerability “CVE-2021-0397” affects Android versions 8.1, 9, 10, and 11. If exploited successfully, the flaw could allow an attacker to execute malicious code remotely on vulnerable devices.
Google also recommended certain mitigation measures to reduce the likelihood that security vulnerabilities can be exploited. These include:
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. All users are encouraged to update to the latest version of Android where possible.
- The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services and is especially important for users who install apps from outside of Google Play.