Google has released its second emergency update for Chrome this month.
Chrome version 89.0.4389.90 for Windows, Mac, and Linux fixes five security bugs, one of which (CVE-2021-21193) involves unprotected memory in Chrome's rendering engine, Blink.
Google's security bug has been fixed.
"Google is aware of reports that an exploit against CVE-2021-21193 is on the loose," Chrome's official blog post grimly notes.
In other words, the bad guys knew about this Blink vulnerability and launched their attack before the good guys put on their boots. The flaw was reported to Google three days ago by a researcher who wishes to remain anonymous.
Bringing the Chrome browser up to date is easy on Windows and Mac. Usually, closing and restarting the browser completes the process.
Otherwise, click on the three vertical dots in the upper right corner of the Chrome browser window, scroll down to Help, and click About Google Chrome in the window that appears. A new browser tab will open and either say "Google Chrome is up to date" or prompt you to download the latest version and restart your browser. Again, the version should be 89.0.4389.90.
For Linux, you will need to wait for Chrome updates to be incorporated into your distribution's normal software update cycle.
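On Linux, where the fix arrives through the distribution's update cycle, a short script can confirm that the installed build has reached the fixed one. This is an added example, not part of the original article; it assumes Chrome is on the PATH as `google-chrome`, writes the article's version in Chrome's dotted form, and uses constructed sample strings.

```shell
#!/bin/sh
# Added example: is a Chrome build at or above the fixed build from the article?
FIXED_VERSION="89.0.4389.90"

# Pull the first four-part dotted version out of a string shaped like
# "Google Chrome 89.0.4389.90 " (what `google-chrome --version` prints).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing each field as a number.
# A plain string comparison would wrongly rank 89.0.4389.100 below 89.0.4389.90.
version_ge() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        a=${a#*.}; b=${b#*.}
    done
    return 0   # all four fields equal
}

# Print PATCHED/OUTDATED/UNKNOWN for a version string; exit status 0/1/2.
check_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 2; fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED $v"
    else
        echo "OUTDATED $v"; return 1
    fi
}

# Constructed sample strings (not captured output) to show the comparison.
for sample in "Google Chrome 89.0.4389.82" "Google Chrome 89.0.4389.90 " \
              "Google Chrome 100.0.0.0"; do
    check_chrome "$sample" || true
done

# Live check, only when the binary is present (name is an assumption).
if command -v google-chrome >/dev/null 2>&1; then
    check_chrome "$(google-chrome --version)" || true
fi
```
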
Two of the other four flaws in today's patch were reported by non-Googlers. One is a memory handling flaw in WebRTC, the multimedia engine built into modern web browsers, whose discoverer, "raven" (a pseudonym), gets a $500 bug bounty for the trouble.
The other is a heap buffer overflow (basically a memory overrun) in Chrome's tab group, which was discovered by Abdulrahman Alqabandi of the Microsoft Browser Vulnerability Research team.
Google found and independently fixed two other defects, but has not yet provided details about them.
On March 2, Google fixed 47 Chrome security flaws, including an audio flaw that had already been exploited.