{"id":242618,"date":"2021-01-20T17:42:23","date_gmt":"2021-01-20T16:42:23","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=242618"},"modified":"2021-06-07T11:20:53","modified_gmt":"2021-06-07T09:20:53","slug":"chrome-88-0-4324-96-fixt-schwachstellen","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/01\/20\/chrome-88-0-4324-96-fixt-schwachstellen\/","title":{"rendered":"Chrome 88.0.4324.96 fixes 36 vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Chrome.jpg\" \/>[<a href=\"https:\/\/borncity.com\/win\/2021\/01\/20\/chrome-88-0-4324-96-fixt-schwachstellen\/\" target=\"_blank\" rel=\"noopener\">English<\/a>]The Google developers updated the desktop version of the Chrome browser for Linux, macOS and Windows to version 88.0.4324.96 as of January 19, 2020. This security update fixes 36 vulnerabilities present in older browser versions.<\/p>\n<p><!--more--><\/p>\n<p>I came across this information on various websites (including <a href=\"https:\/\/www.deskmodder.de\/blog\/2021\/01\/20\/google-chrome-88-0-4324-96-behebt-36-sicherheitsluecken-und-kommt-mit-neuen-funktionen\/\" target=\"_blank\" rel=\"noopener\">here<\/a>). Version 88 of the browser is a new development branch. In December 2020, the Google developers published <a href=\"https:\/\/developers.google.com\/web\/updates\/2020\/12\/chrome-88-deps-rems\" target=\"_blank\" rel=\"noopener\">this article<\/a> on the Chrome 88 beta. Starting with this version, FTP support is removed from the browser. Flash is also no longer supported. For those interested, heise has published <a href=\"https:\/\/www.heise.de\/news\/Chrome-88-ist-da-Ohne-Flash-und-FTP-Support-5030411.html\" target=\"_blank\" rel=\"noopener\">this article<\/a> on the changes. 
The <a href=\"https:\/\/www.howtogeek.com\/709576\/whats-new-in-chrome-88-available-today\/\" target=\"_blank\" rel=\"noopener\">article here<\/a> at HowToGeek also gives an overview of the various new features. The Google blog has <a href=\"https:\/\/chromereleases.googleblog.com\/2021\/01\/stable-channel-update-for-desktop_19.html\" target=\"_blank\" rel=\"noopener\">this post<\/a> with a list of the vulnerabilities closed in Chrome 88.0.4324.96 for the desktop. Here are some of the highlighted vulnerabilities that were fixed.<\/p>\n<ul>\n<li>[$30000][1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10<\/li>\n<li>[$16000][1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23<\/li>\n<li>[$5000][1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20<\/li>\n<li>[$5000][1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21<\/li>\n<li>[$5000][1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22<\/li>\n<li>[$5000][1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28<\/li>\n<li>[$1000][1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11<\/li>\n<li>[$N\/A][1131346] High CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23<\/li>\n<li>[$N\/A][1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24<\/li>\n<li>[$N\/A][1163228] High CVE-2020-16044: Use after free in WebRTC. 
Reported by Ned Williamson of Project Zero on 2021-01-05<\/li>\n<li>[$3000][1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22<\/li>\n<li>[$3000][1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12<\/li>\n<li>[$2000][1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15<\/li>\n<li>[$1000][1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20<\/li>\n<li>[$1000][1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20<\/li>\n<li>[$1000][1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20<\/li>\n<li>[$TBD][1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15<\/li>\n<li>[$TBD][1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01(https:\/\/twitter.com\/wester0x01) on 2020-12-11<\/li>\n<li>[$TBD][1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01(https:\/\/twitter.com\/wester0x01) on 2020-12-11<\/li>\n<li>[$TBD][1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11<\/li>\n<li>[$2000][1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27<\/li>\n<li>[$500][1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11<\/li>\n<li>[$500][1122487] Low CVE-2021-21138: Use after free in DevTools. 
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27<\/li>\n<li>[$N\/A][937131] Low CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-01<\/li>\n<li>[$N\/A][1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08<\/li>\n<li>[$N\/A][1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20<\/li>\n<\/ul>\n<p>One of these vulnerabilities is rated critical, and some of them are rated High. Further issues were found and fixed internally through audits and fuzzing. The browser should therefore be updated promptly. The Chrome version for Windows, Mac and Linux will be rolled out to systems over the next few days via the automatic update function. You can also <a href=\"https:\/\/www.google.com\/intl\/de_de\/chrome\/\" target=\"_blank\" rel=\"noopener\">download this build here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English]The Google developers updated the desktop version of the Chrome browser for Linux, macOS and Windows to version 88.0.4324.96 as of January 19, 2020. 
This security update fixes 36 vulnerabilities present in older browser versions.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1356,426,185],"tags":[406,4328,4315],"class_list":["post-242618","post","type-post","status-publish","format-standard","hentry","category-google-chrome-internet","category-sicherheit","category-update","tag-chrome","tag-sicherheit","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/242618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=242618"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/242618\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=242618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=242618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=242618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}