Google has moved to patch more Chrome zero-days that are actively under attack, and its problems with in-the-wild Chrome zero-days appear to be multiplying rapidly. The patched vulnerabilities, CVE-2021-21206 and CVE-2021-21220, affect Windows, macOS, and Linux users. Google did not provide any other details on the attacks or any information on how organizations can detect signs of infection.
The company confirmed that one of the bugs was part of an exploit chain demonstrated last week at the Pwn2Own marketing contest, which seemingly alerted the company to the vulnerability. Little information is available about the second bug, which is classified simply as a use-after-free memory corruption vulnerability in Blink. Google stated that it received an anonymous report identifying the bug. So far in 2021, Google has released patches for at least three separate zero-day vulnerabilities being exploited in the wild.