Google developers have updated the Chrome browser to version 89.0.4389.90 as of March 12, 2021 in the desktop version for Linux, macOS and Windows. This security update fixes a 0-day vulnerability in the older browser versions. And the browser is supposed to get a new version every four weeks.
The info came to my attention on several websites. The Google blog has this post with a list of vulnerabilities closed in Chrome 89.0.4389.90 for the desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$500] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15
- [$TBD] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23
- [$TBD] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09
Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild. Some of the vulnerabilities are rated High. Other issues have been tracked down and fixed internally through audits and fuzzing. So, the browser should be updated quickly. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update function in the next few days. However, you can also download this build here.
Chrome and Edge with monthly updates
Google recently announced that it would be introducing a four-week release cycle for its Chrome browser.
Final thought on this: Hopefully this goes well – after all, we already suffer from featuritis, and the browser has become a performance-guzzling monster with umpteen vulnerabilities. Let's see.