Google has released Chrome 89 security update (89.0.4389.128) for Windows, Mac and Linux with fixes for 2 vulnerabilities exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of the Chrome security update, Google patched 2 High severity vulnerabilities in all:
- CVE-2021-21206: Use after free in Blink.
- CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64.
Moreover, Google warned there are reports of exploits of each of these vulnerabilities in the wild.
A security researcher Rajvardhan Agarwal who goes by handle “r4j0x00” posted proof-of-concept (PoC) exploit code on GitHub and sent out a tweet on April 12:
Although Google did confirm CVE-2021-21206 was also being exploited in the wild, it is not clear on whether any PoC exploits were published online.