The vulnerability, tracked as CVE-2021-21193, was reported by an anonymous security researcher earlier in March. Google rushed out a patch for Google Chrome soon after, and now Microsoft has rolled it into its Chromium-based Edge browser too.
“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” noted the search engine giant as it released an update for Google Chrome to address the vulnerability as well as a couple of others.
Blink engine vulnerability
The vulnerability, which scores 8.8 out of 10 on the CVSS vulnerability rating scale, making it high-severity, exists in the Blink rendering engine.
It’s described as a use-after-free vulnerability, a class of flaw that experts attribute to the incorrect use of dynamic memory while a program is running: the program, in this case the Blink rendering engine, keeps using a block of memory after it has been freed.
Reportedly, because Blink did not properly clear its memory, an attacker could execute arbitrary code or corrupt data. Google, however, didn’t share any details about how the vulnerability was being exploited, apart from stating that it was aware of the flaw being used by hackers.
Microsoft has now followed Google’s lead and released patches for the Blink vulnerability in the stable channel of its Edge web browser, which is powered by the same Blink engine as Google’s Chrome.