Google company formed Chrome update 89.0.4389.128, in which Fixed two vulnerabilities (CVE-2021-21-21206, CVE-2021-21220), for which working exploits (0-day) are available. The Vulnerability of CVE-2021-21220 was used to hack chrome at PWN2OWN 2021 competition.
Operation of this vulnerability is carried out through the execution of a certainly decorated WebASSEMBLY code (vulnerability is caused by an error in the Webassembly virtual machine that allows you to record or read the data on an arbitrary address in memory). It is noted that the experiment shown does not allow to bypass the sandbox-isolation and for a full attack requires the detection of another vulnerability to exit Sandbox (at the PWN2OWN 2021 competition, such a vulnerability was demonstrated for Windows).
Exploit Example For this problem was Published on GitHub After making correction in the V8 engine, but without waiting for the formation of renewal of browsers based on it (even if the exploit was not published, the attackers were able to recreate it on the basis of the analysis of changes in the V8 repository, which has already happened earlier due to the emergence of the situation when the correction in the V8 has already been published, but products on it is not yet updated).
Additionally, it is possible to mark the shift schedule for publishing chrome 90 for Linux, Windows and MacOS. This issue was scheduled for April 13, but yesterday was not published, and came out Only version for Android. Today was formed Additional beta-edition Chrome 90. About the new release date Not reported.