Google has released Chrome update 89.0.4389.90, which fixes five vulnerabilities, including CVE-2021-21193, a zero-day that attackers are already exploiting. Details have not yet been disclosed, but the vulnerability is known to be caused by access to a previously freed memory location (use-after-free) in the Blink JavaScript engine.
The issue is rated high severity rather than critical: on its own it does not bypass all of the browser's protection layers and is not sufficient to execute code on the system outside the sandbox. The Chrome vulnerability itself does not allow a sandbox escape, and a full-fledged attack requires exploiting another vulnerability in the operating system.
Source: opennet.ru
