New Chrome 89.0.4389.128 fixes two zero day vulnerabilities
Google has released another security update for Chrome 89 with vulnerabilities already being exploited.
The new browser version Chrome 89.0.4389.128 for Windows, macOS and Linux from April 13 fixes two security vulnerabilities. The Chrome Release Blog lists both vulnerabilities that were discovered by external security researchers and reported to Google. Both are classified as high risk. Google has received reports that the two vulnerabilities are already being exploited.
The first vulnerability (CVE-2021-21206) is a Use after free (UAF) vulnerability in Blink, the HTML renderer and the second loophole (CVE-2021-21220) exists in the JavaScript engine V8.
Updates of other Chromium-based browsers are not available yet.
Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help ยป About Google Chrome.
The manufacturers of other Chromium-based browsers will probably follow with updates within the next few days.