[German]Google developers have updated the Chrome browser to version 88.0.4324.182 as of February 16, 2020 in the desktop version for Linux, macOS and Windows. This security update fixes 106 vulnerabilities in the older browser versions.
The Google blog has this post with a list of vulnerabilities closed in Chrome 88.0.4324.182 for the desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$20000] High CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14
- [$20000] High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29
- [$15000] High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12
- [$5000] High CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14
- [$1000] High CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge of ERNW GmbH on 2020-12-06
- [$TBD] High CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01
- [$TBD] High CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani on 2021-02-07
- [$TBD] High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11
- [$TBD] Medium CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous on 2021-01-26
Some of the vulnerabilities are classified as High. Further problems have been detected and fixed internally through audits and fuzzing. The browser should therefore be updated quickly. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update function in the next few days. However, you can also download this build here.
Cookies helps to fund this blog: Cookie settings