Google Chrome urgently requires an update to patch a severe vulnerability. You may be tired of updating Chrome (the latest urgent update was just last month), but it’s that time again, and with good reason: Cybercriminals have already exploited this vulnerability.
What is CVE-2021-21193?
On March 12, Google released stable build 89.0.4389.90 for Chrome, patching five vulnerabilities, three with a high severity rating. One of them, CVE-2021-21193, deserves special attention. It is a vulnerability in Google Chrome’s browser engine Blink — the main component responsible for converting HTML code into the well-designed Web pages you’re used to browsing.
It is a use-after-free vulnerability, which means Blink had trouble clearing memory. The typical consequences of attacks on use-after-free vulnerabilities are data corruption and arbitrary code execution, though no information is available about what actually happens in this particular case. Google usually shares more details after most users have updated their browsers.
An anonymous security researcher reported CVE-2021-211193 on March 9, and Google rushed out a fix in just three days. That rush might be attributable to the vulnerability’s real-world exploitation; crooks have already used the vulnerability, and that is reason enough for everybody to patch Google Chrome ASAP.
How to patch Google Chrome
Google started rolling out the update on March 12, but it may be several days before the update button appears in the upper right corner of your browser. To speed things up, you can apply the update manually.
In Chrome, simply click on the menu (three-dot) button and select Settings —> About Chrome. If your version of the browser is 89.0.4389.90 or newer, you’re already using a patched version. If your version is older, then the browser will prompt you to let the browser update itself, requiring a relaunch. In that case, when it reopens, Chrome will automatically restore any tabs (except for Incognito tabs) you had open.