[German]Google has updated the Google Chrome Browser for Windows, macOS and Linux to version 87.0.4280.88 on December 2, 2020. This update closes eight vulnerabilities.
Advertising
I came across the update on Twitter. In the Google blog there is this post, documenting six vulnerabilities closed in Chrome 87.0.4280.88 for the desktop.
- [$5000][1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26
- [$TBD][1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14
- [$TBD][1149177] High CVE-2020-16039: Use after free in extensions. Reported by Anonymous on 2020-11-15
- [$TBD][1150649] High CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19
- [$TBD][1151865] Medium CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23
- [$TBD][1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull on 2020-11-23
Some of the vulnerabilities are rated High. The Chrome version for Windows, Mac and Linux will be rolled out to the systems in the next few days via automatic update. You can also download this build here.
Advertising
Google Chrome 87 is the last version to support adobe flash player, though flash is disabled by default.
but Chrome 88 (currently in beta channel with v88.0.4324.27) appears to be a flash free version