Chrome 88.0.4324.150 fixes one critical and Edge 88.0.705.62 seven vulnerabilities, 0-day in IE

[German]Google developers have updated the Chrome browser to version 88.0.4324.150 as of February 4, 2021 in the desktop version for Linux, macOS and Windows. This security update fixes a critical vulnerability in the older browser versions. Microsoft has also released Edge 88.0.705.62, which fixes seven vulnerabilities. And Internet Explorer also has a 0-day vulnerability. Addendum: An update to Edge 88.0.705.63 is available since Feb. 5, 2021.


Advertising

Chrome 88.0.4324.150  fixes a critical vulnerability

The Google blog has this post on Chrome 88.0.4324.150, which states a closed vulnerability for the desktop:

[$TBD][1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24

Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. So the browser should be updated quickly. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature over the next few days. However, you can also download this build here.

ZDNet points out in this article that North Korean hackers are believed to have attacked security researchers via a 0-day vulnerability in Google Chrome. Microsoft has published this article about it.

0-day vulnerability in Internet Explorer

In addition, there is a Korean article in which security researchers announce a discovered 0-day vulnerability in Internet Explorer, which is also used for such attacks. Bleeping Computer has this post on the topic. So far Microsoft has not announced anything regarding an update.

Edge 88.0.705.62 fixes seven vulnerabilities

As of February 4, 2021, Microsoft has updated the Chromium-based Edge browser to version 88.0.705.62. This version is based on Chrome 88.0.4324.146, according to this MS page. This is a security update that fixes seven vulnerabilities, according to this Microsoft security page.

The browser should be updated automatically.


Advertising

Microsoft released Edge 88.0.705.63

Addendum: Microsoft has released Edge 88.0.705.63 on February 5,  2021. I received the following advisory this night:

*******************************************************************************
Title: Microsoft Security Update Releases
Issued: February 5, 2021
*******************************************************************************
Summary
=======

The following CVEs have been released on February 4, 2021.

* CVE-2021-24113

– CVE-2021-24113 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: February 4, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

The following CVEs released on February 4, 2021 and February 5, 2021 were assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.

See

Security Update Guide Supports CVEs Assigned by Industry Partners


for more information about third-party CVEs in the Security Update Guide.

* CVE-2021-21148

Revision Information:
=====================

– Version 1.0
– Reason for Revision: Information published.
– Originally posted: February 5, 2021

* CVE-2021-21142
* CVE-2021-21143
* CVE-2021-21144
* CVE-2021-21145
* CVE-2021-21146
* CVE-2021-21147

Revision Information:
=====================

– Version 1.0
– Reason for Revision: Information published.
– Originally posted: February 4, 2021


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in browser, Security, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.