[German]Google has updated the Google Chrome browser for Windows, macOS and Linux to version 87.0.4280.141 as of January 6, 20201. This update fixes 16 vulnerabilities.
The info came to my attention on various websites. The Google blog has this post with a list of vulnerabilities closed in Chrome 87.0.4280.141 for desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$20000] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13
- [$20000] High CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30
- [$20000] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04
- [$15000] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24
- [$15000] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24
- [$7500] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15
- [$7500] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20
- [$6000] High CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu on 2020-12-03
- [$N/A] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12
- [$N/A] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17
- [$TBD] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11
- [$TBD] High CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11
- [$N/A] Medium CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19
Some of the vulnerabilities are classified as High. Other issues have been tracked down and fixed internally through audits and fuzzing. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. However, you can also download this build here.
Cookies helps to fund this blog: Cookie settings