Chrome 89.0.4389.90 update eliminates 0-day vulnerability

The new Chrome version 89.0.4389.90 for Windows, macOS and Linux fixes five security vulnerabilities, including one 0-day vulnerability.

The Chrome Release Blog lists three vulnerabilities that were discovered by external security researchers and reported to Google. All three are classified as high risk. This includes the CVE-2021-21193 vulnerability, a Use after free vulnerability in the HTML renderer Blink.

According to the blog, there are reports from Google that exploit code is in circulation for this vulnerability. This does not necessarily have to mean that the vulnerability is being used for attacks, but it should be treated the same way.

Google also classifies two other vulnerabilities as high risk: a Use after free vulnerability in WebRTC (CVE-2021-21191) and a buffer overflow in tab groups (CVE-2021-21192).

Updates of other Chromium-based browsers are not available yet. Brave and Microsoft Edge are already available with the current Chromium 89. Vivaldi and Opera are still behind using Chromium 88.

Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help » About Google Chrome.

The manufacturers of other Chromium-based browsers will probably follow with updates within the next few days.