Google issued a warning for one zero-day in the Chrome browser as it is already being used by malicious users.
Η vulnerability CVE-2021-21166, reported by Alison Huffman on February 11 and described as an “object lifecycle issue in audio.”
Google called the vulnerability a "critical" security flaw and fixed the issue in the latest version of Chrome.
Along with CVE-2021-21166, Huffman reported another serious error, CVE-2021-21165, but also CVE-2021-21163, a data validation issue in reading mode.
The company did not disclose further details on how to operate CVE-2021-21166.
Google's announcement, released on Tuesday, also marked its release Chrome 89 on the fixed channel for Windows, Mac and Linux computers, U new edition is currently in circulation.
Chrome version 89.0.4389.72 also contains a number of security fixes and improvements to theletterof browsing. In total, 47 bugs have been fixed, and a total of eight vulnerabilities are considered high severity.
This week, Microsoft also released emergency updates for four zero-day vulnerabilities in Exchange Server. The company urges users to inform as soon as possible.
