Google Chrome update fixes another worrying security flaw

News
By published

Second actively exploited Chrome zero-day bug to be discovered this year

Google Chrome
(Image credit: Shutterstpck)

Google has moved quickly to fix another serious security flaw in its browser with the release of Chrome 89.

The company was forced to act after the Google Chrome security flaw was reported by Alison Huffman of Microsoft Browser Vulnerability Research last month.

Known as CVE-2021-21166, the mysterious security issue, which affects Google Chrome version 89.0.4389.72, appears to have already been patched by Google, signifying that it could have allowed hackers or threat actors to do some serious damage in Chrome.

Chrome 89

Not much is known about the zero-day, which was described by Google as an "Object lifecycle issue in audio.", however the company rated the vulnerability as high severity, and has now issued a patch to fix the fault.

There are reports that an exploit based on CVE-2021-21166 is out in the wild, but Google did not share any information on potential threats.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google noted in its alert.

"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."

This updated Google Chrome 89 version is now rolling across Google's Stable desktop channel for Windows, Mac, and Linux users, with users able to upgrade now.

The news is the second such update and threat reported to affect Google Chrome this year following a similar disclosure in February 2021. That vulnerability, known as CVE-2021-21148, was also reportedly already being exploited in the wild, yet Google again did not release much information.

Asides from the bug fixes, Chrome 89 should also bring users a range of new improvments and upgrades. This includes a feature that will automatically load all incomplete URLs via the more secure HTTPS protocol. The browser also blocks downloads from HTTP sources that sit underneath an HTTPS page, which prevents malicious actors from tricking victims into believing a download is coming from a secure source.

Via BleepingComputer

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That's Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about software services
A person in a wheelchair working at a computer.

Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other

This people search finder covers all the bases, but it's not perfect
Digital clouds against a blue background.

Navigating the growing complexities of the cloud
See more latest
Most Popular
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now