![Chrome security update (89.0.4389.128) fixes 2 zero-days exploited in the wild](https://securezoo.com/wp-content/uploads/2019/12/Update3.jpg)
Google has released a Chrome 89 security update (89.0.4389.128) for Windows, Mac and Linux with fixes for 2 vulnerabilities exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of the Chrome security update, Google patched 2 High-severity vulnerabilities in all:
- CVE-2021-21206: Use after free in Blink.
- CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64.
Moreover, Google warned that there are reports of exploits for each of these vulnerabilities in the wild.
Security researcher Rajvardhan Agarwal, who goes by the handle “r4j0x00”, posted proof-of-concept (PoC) exploit code on GitHub and sent out a tweet on April 12:
Just here to drop a chrome 0day. Yes you read that right. https://t.co/sKDKmRYWBP pic.twitter.com/PpVJrVitLR
— Rajvardhan Agarwal (@r4j0x00) April 12, 2021
The zero-day affects the V8 JavaScript engine, as noted in CVE-2021-21220, and was patched.
Although Google did confirm CVE-2021-21206 was also being exploited in the wild, it is not clear whether any PoC exploits were published online.
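To check a fleet against the fixed build named above (89.0.4389.128), the following is an added example, not code from Google or the researcher. It compares reported version strings numerically, because a plain string comparison would rank 89.0.4389.90 above 89.0.4389.128; the hostnames, the inventory format and the status labels are assumptions made for illustration.

```python
import re

# Fixed build named in the advisory above.
FIXED = (89, 0, 4389, 128)

# Matches a four-part Chrome/Chromium version anywhere in a string.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'current', 'needs-update' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuples compare component by component as integers, so 4389.90 < 4389.128.
    # Comparing the raw strings would get this wrong ("9" sorts after "1").
    return "current" if v >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status; inventory is an iterable of (host, text)."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hostnames and reported strings are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 89.0.4389.128"),
    ("ws-002", "Google Chrome 89.0.4389.90"),
    ("ws-003", "Google Chrome 90.0.4430.72 "),
    ("ws-004", "Chromium 88.0.4324.182 snap"),
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since the version string could not be parsed.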