{"id":264697,"date":"2022-04-27T15:13:09","date_gmt":"2022-04-27T13:13:09","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=264697"},"modified":"2022-04-28T01:05:29","modified_gmt":"2022-04-27T23:05:29","slug":"chrome-101-0-4951-41-fixt-30-schwachstellen","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2022\/04\/27\/chrome-101-0-4951-41-fixt-30-schwachstellen\/","title":{"rendered":"Chrome 101.0.4951.41 fixt 30 Schwachstellen, hat aber GPO-Bug"},"content":{"rendered":"

[English<\/a>]Google hat zum 26. April 2022 Updates des Google Chrome 101.0.4951.41 f\u00fcr Windows und Mac auf dem Desktop im Stable Channel freigegeben. Das ist der neue 101-Entwicklungszweig, wobei das Update 30, zum Teil als Hoch eingestufte Schwachstellen schlie\u00dft. Erg\u00e4nzung:<\/strong> Diese Version ignoriert allerdings Gruppenrichtlinien. Zudem sind Updates auf Version 100.0.4896.143 im Extended Stable-Channel verf\u00fcgbar. \"\"Die betreffenden Eintr\u00e4ge finden sich im Google-Blog<\/a>.<\/p>\n

<\/p>\n

Chrome 101.0.4951.41<\/h2>\n

\"\"Dieser Beitrag<\/a> zum Update auf Chrome 101.0.4951.41 f\u00fcr Windows und Mac f\u00fcr den Desktop enth\u00e4lt kurze Beschreibung der im Chrome-Browser geschlossenen Schwachstellen (und hier<\/a> gibt es die Details f\u00fcr die Version 100.0.4896.143 im Stable Channel f\u00fcr Windows und Mac). Hier die Liste der geschlossenen Schwachstellen:<\/p>\n

[$10000][1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
\n[$7000][1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
\n[$7000][1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
\n[$6000][1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
\n[$5000][1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
\n[$NA][1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
\n[$NA][1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
\n[$7500][1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
\n[$7500][1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
\n[$7500][1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
\n[$7000][1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
\n[$5000][1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
\n[$2000][1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
\n[$2000][1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
\n[$2000][1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
\n[$2000][1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Micha\u0142 Bentkowski of Securitum on 2022-04-11
\n[$1000][1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
\n[$1000][1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
\n[$1000][1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
\n[$1000][1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
\n[$NA][1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
\n[$500][1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
\n[$NA][1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
\n[$TBD][1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
\n[$NA][1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02<\/p><\/blockquote>\n

Details zu den Schwachstellen werden aber keine ver\u00f6ffentlicht, bis der Gro\u00dfteil der Nutzer umgestiegen ist. Die Chrome-Version f\u00fcr Windows, Mac und Linux wird in den n\u00e4chsten Tagen \u00fcber die automatische Update-Funktion auf die Systeme ausgerollt. Man kann den Browser auch manuell (\u00fcber das Men\u00fc und den Befehl \u00dcber Google Chrome<\/em>) aktualisieren. Die aktuelle Build des Chrome-Browsers l\u00e4sst sich auch hier herunterladen<\/a>.<\/p>\n

Der Gruppenrichtlinien-Bug<\/h2>\n

Beachtet die Hinweise in den nachfolgenden Kommentaren. Gruppenrichtlinien f\u00fcr den Google Chrome-Browser, die in Firmen zum Einsatz kommen, werden durch einen Bug wohl nicht ber\u00fccksichtig.<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Google hat zum 26. April 2022 Updates des Google Chrome 101.0.4951.41 f\u00fcr Windows und Mac auf dem Desktop im Stable Channel freigegeben. Das ist der neue 101-Entwicklungszweig, wobei das Update 30, zum Teil als Hoch eingestufte Schwachstellen schlie\u00dft. Erg\u00e4nzung: Diese … Weiterlesen →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1356,426,7459,185],"tags":[406,4328,4315],"class_list":["post-264697","post","type-post","status-publish","format-standard","hentry","category-google-chrome-internet","category-sicherheit","category-software","category-update","tag-chrome","tag-sicherheit","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/264697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=264697"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/264697\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=264697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=264697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=264697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}