Google has fixed an actively exploited zero-day vulnerability in Chrome 89.0.4389.72, which was released on March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.
Google says it is aware that an exploit for CVE-2021-21166 exists in the wild. The new version is now rolling out to the entire user base.
All users can upgrade to Chrome 89 by going to Settings -> Help -> About Google Chrome.
The Google Chrome web browser will automatically check for the new update and install it when available.
The tech company rated the zero-day vulnerability as high severity and described it as an “Object lifecycle issue in audio.” The vulnerability was reported by Alison Huffman of Microsoft Browser Vulnerability last month.
Although Google says that it is aware of reports that a CVE-2021-21166 exploit exists in the wild, the search giant did not share any info regarding the threat actors behind these attacks.
The company added that access to bug details and links may be kept restricted until a majority of users are updated with a fix.
They also plan to retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.
This gives Chrome users more time to install the security update released now and protect against any ongoing attacks.
This is the second Chrome zero-day patched this year. In February, Google fixed another Chrome zero-day actively exploited in the wild, a heap buffer overflow bug in V8 tracked as CVE-2021-2114 and rated as high severity.