Google has released Chrome update 89.0.4389.90, which fixes five vulnerabilities, including CVE-2021-21193, which is already exploited by attackers (0-day). Details have not yet been disclosed, it is only known that the vulnerability is caused by accessing an already freed memory area in the Blink JavaScript engine.
The problem is assigned a high, but not critical, severity level, i.e. it is indicated that the vulnerability does not allow bypassing all levels of browser protection and is not enough to execute code on the system outside the sandbox environment. By itself, the vulnerability in Chrome does not allow bypassing the sandbox environment, and a full-fledged attack requires the use of another vulnerability in the operating system.
Source: opennet.ru