Google has released its second emergency update for Chrome this month.

Chrome version 89.0.4389.90 for Windows, Mac, and Linux fixes five security bugs, one of which (CVE-2021-21193) involves unprotected memory in Chrome's rendering engine, Blink

"Google's security bug has been fixed.

"Google is aware of reports that an exploit against CVE-2021-21193 is on the loose," Chrome's official blog post grimly notes.

In other words, the bad guys knew about this Blink vulnerability and launched their attack before the good guys put on their boots. The flaw was reported to Google three days ago by a researcher who wishes to remain anonymous.

Bringing the Chrome browser up to date is easy on Windows and Mac. Usually, closing and restarting the browser completes the process. 9]

Otherwise, click on the three vertical dots in the upper right corner of the Chrome browser window with your mouse cursor, scroll down to Help, and click About Google Chrome in the window that appears. [A new browser tab will open and either say "Google Chrome is up to date" or you will be prompted to download the latest version and restart your browser. Again, the version should be 89.0.4389.90.

For Linux, you will need to wait for Chrome updates to be incorporated into your distribution's normal software update cycle.

Two of the other four flaws in today's patch were reported by non-Googlers: one is a memory handling flaw in WebRTC, the multimedia engine built into modern web browsers, whose discoverer, "raven" (a pseudonym), has a $500 bug bounty for the trouble.

Another is a heap buffer overflow (basically a memory overrun) in Chrome's tab group, which was discovered by Abdulrahman Alqabandi of the Microsoft Browser Vulnerability Research team discovered by Abdulrahman Alqabandi of the Microsoft Browser Vulnerability Research team.

Google found and independently fixed two other defects, but has not yet provided details about them.

On March 2, Google fixed 47 Chrome security flaws, including an audio flaw that had already been exploited.