The Google Chrome 89.0.4389.90 update patches five vulnerabilities. Three of those five vulnerabilities are given a high severity rating. One of those vulnerabilities (CVE-2021-21193) was found in Google Chrome’s browser engine Blink.

The CVE-2021-211193 exploit was discovered by an anonymous security researcher on March 9 and because of its severity, this new Chrome version (89.0.4389.90) has already been rushed out to computers. The 89.0.4389.90 Chrome update started rolling out to computers on March 12 and the rollout can take a few days to reach all computers around the world.

If you use Google Chrome, you should notice the update notification in the top right corner of the browser when the update has been made available to your computer. You can also navigate to the three-dotted menu > Settings > About Chrome and check whether or not your version of the browser has been updated successfully to 89.0.4389.90 or newer. The numbers do indeed proceed to increase so if you have a number higher than this, you know your browser is updated to solve the vulnerabilities mentioned in this article.

The Stable channel has been updated to 89.0.4389.90 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild.

Download Links