[German]Google's developers have updated the Chrome Browser to version 83.0.4103.97 as of 3 June 2020. This version closes security holes in the desktop version of Google Browser. In addition, two vulnerabilities have also been fixed in Chrome for iOS (83.0.4103.88).
Advertising
Google has published this blog post about Chrome83.0.4103.97. It describes the fixes for the desktop and for iOS.
Chrome 83.0.4103.97 for the desktop
The security update fixes five vulnerabilities in Google's Chrome browser for the desktop. Here is an extract of critical vulnerabilities reported by external security researchers:
- [$20000][1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13
- [$7500][1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18
- [$TBD][1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18
- [$N/A][1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24
The fifth vulnerability appears to have been discovered internally by Google security researchers. As usual, Google is not disclosing details of the vulnerabilities in order to be able to roll out the update in waves.
The Chrome version 83.0.4103.97 for Windows, Mac and Linux will be rolled out to the systems in the next few days via the automatic update function. You can also download this build here.
Chrome for iOS (Version 83.0.4103.88)
The developers have also released fixes for two vulnerabilities in Chrome for iOS (version 83.0.4103.88). Here are the two vulnerabilities reported by external researchers:
Advertising
- [$1500][1069246] Medium CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-04-08
- [$500][1081081] Medium CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora on 2020-05-11
Again, there should have been an auto update of the iOS Chrome app to the current version. (via)
Advertising