Chrome 89 landed this week, and in addition to the new features this update is delivering to users, it also patches a number of bugs. In all, Google says that Chrome 89.0.4389.72 includes 47 security fixes, including one zero-day vulnerability that is actively being exploited. If you use Chrome, then, it’s a good idea to update to the latest version of the browser.
Google detailed all 47 security fixes in a post to the Google Blog. The zero-day security flaw that is actively being exploited in the wild is identified as CVE-2021-21166 in Google’s notes. We know next to nothing about this issue, as Google only identifies it as an “Object lifecycle issue in audio” with a High priority.
Of course, the reason we don’t know anything about it is probably because there’s an active exploit out in the wild for it. “Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google says in that blog post. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
We do know that the security issue was discovered by Alison Huffman with Microsoft’s Browser Vulnerability Research team and first reported to Google on February 11th, but beyond that, we’ll have to wait until the problem is quashed before Google will share more about it. You can make sure that your browser is updated to the latest version by heading into the Chrome Menu > Help > About Google Chrome, and then searching for an update.
When Chrome 89 was announced yesterday, Google said it would be rolling out to everyone in the coming weeks, so be sure to keep an eye out for it. This update is particularly important as it patches a zero-day vulnerability with an active exploit, so it’s a good idea to install it as soon as it’s available.