{"id":18104,"date":"2021-03-15T11:05:31","date_gmt":"2021-03-15T15:05:31","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/18104\/"},"modified":"2021-03-15T20:57:03","modified_gmt":"2021-03-15T16:57:03","slug":"google-chrome-cve-2021-21193","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/18104\/","title":{"rendered":"Update Google Chrome immediately"},"content":{"rendered":"<p>Google Chrome urgently requires an update to patch a severe vulnerability. You may be tired of updating Chrome (the latest urgent update was <a href=\"https:\/\/www.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/38678\/\" target=\"_blank\" rel=\"noopener nofollow\">just last month<\/a>), but it\u2019s that time again, and with good reason: Cybercriminals have already exploited this vulnerability.<\/p>\n<h2>What is CVE-2021-21193?<\/h2>\n<p>On March 12, Google <a href=\"https:\/\/chromereleases.googleblog.com\/2021\/03\/stable-channel-update-for-desktop_12.html\" target=\"_blank\" rel=\"nofollow noopener\">released stable build 89.0.4389.90 for Chrome<\/a>, patching five vulnerabilities, three with a high severity rating. One of them, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2021-21193\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2021-21193<\/a>, deserves special attention. It is a vulnerability in Google Chrome\u2019s browser engine Blink \u2014 the main component responsible for converting HTML code into the well-designed Web pages you\u2019re used to browsing.<\/p>\n<p>It is a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/use-after-free\/\" target=\"_blank\" rel=\"noopener\">use-after-free<\/a> vulnerability, which means Blink had trouble clearing memory. The typical consequences of attacks on use-after-free vulnerabilities are data corruption and arbitrary code execution, though no information is available about what actually happens in this particular case. Google usually shares more details after most users have updated their browsers.<\/p>\n<p>An anonymous security researcher reported CVE-2021-211193 on March 9, and Google rushed out a fix in just three days. That rush might be attributable to the vulnerability\u2019s real-world exploitation; crooks have already used the vulnerability, and that is reason enough for everybody to patch Google Chrome ASAP.<\/p>\n<h2>How to patch Google Chrome<\/h2>\n<p>Google started rolling out the update on March 12, but it may be several days before the update button appears in the upper right corner of your browser. To speed things up, you can apply the update manually.<\/p>\n<p>In Chrome, simply click on the menu (three-dot) button and select <em>Settings \u2014&gt; About Chrome<\/em>. If your version of the browser is 89.0.4389.90 or newer, you\u2019re already using a patched version. If your version is older, then the browser will prompt you to let the browser update itself, requiring a relaunch. In that case, when it reopens, Chrome will automatically restore any tabs (except for Incognito tabs) you had open.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability in Google Chrome has already been exploited by malefactors. All users need to update to version 89.0.4389.90.<\/p>\n","protected":false},"author":675,"featured_media":18105,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917,1486],"tags":[16,22,2426,610],"class_list":{"0":"post-18104","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-threats","10":"tag-chrome","11":"tag-google","12":"tag-use-after-free","13":"tag-vulnerability"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/18104\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-chrome-cve-2021-21193\/22610\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/24347\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-chrome-cve-2021-21193\/22423\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/21336\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/google-chrome-cve-2021-21193\/24895\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/google-chrome-cve-2021-21193\/24169\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/google-chrome-cve-2021-21193\/30275\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/google-chrome-cve-2021-21193\/9418\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-chrome-cve-2021-21193\/39013\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/google-chrome-cve-2021-21193\/16558\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/google-chrome-cve-2021-21193\/17140\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/google-chrome-cve-2021-21193\/14575\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/google-chrome-cve-2021-21193\/26346\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/google-chrome-cve-2021-21193\/30210\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/google-chrome-cve-2021-21193\/26794\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/google-chrome-cve-2021-21193\/23656\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-chrome-cve-2021-21193\/28990\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-chrome-cve-2021-21193\/28793\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18104"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18104\/revisions"}],"predecessor-version":[{"id":18106,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18104\/revisions\/18106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18105"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=18104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}