Google fixes zero-day vulnerability (CVE-2021-21166) in Chrome
Google Chrome released a new stable version v89.0.4389.72 yesterday. This version not only adds some new features but also brings various fixes to solve security vulnerabilities.
The Chrome engineer said that the new version fixes 47 security vulnerabilities, including one zero-day vulnerability (CVE-2021-21166), which has been actively exploited by hackers in the wild.
Therefore, based on security considerations, all users of this browser should immediately upgrade to the latest version to prevent attackers from using this vulnerability to launch targeted attacks.
Google has not disclosed the relevant details of the vulnerability in detail at present, because if the disclosure is too early if the user does not upgrade the new version, it may cause potential threats.
Therefore, only when most users have upgraded the new version to prevent the vulnerability, Google Chrome will consider publicly disclosing the details of this security vulnerability.
At present, it is only known that this security vulnerability was discovered by researchers from the Microsoft security team, and it mainly involves the life cycle of the audio playback module of Google Chrome.
The Microsoft researcher also found a similar vulnerability in Google Chrome. This similar security vulnerability is also related to audio playback and is marked as severe.