Google released Google Chrome 89.0.4389.114 on March 30, 2021. The browser should be updated promptly, as this release closes eight vulnerabilities. Here's a brief overview.
The information came to my attention here. The Google blog has this post with a list of vulnerabilities closed in Chrome 89.0.4389.114 for the desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$20000] High CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23
- [$15000] High CVE-2021-21195: Use after free in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26
- [$10000] High CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-02-08
- [$TBD] High CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03
- [$TBD] High CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand of Google Project Zero on 2021-03-03
- [$7500] High CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras
The vulnerabilities have been rated as High. Further problems have been detected and fixed internally through audits and fuzzing. The browser should therefore be updated quickly. The Chrome version for Windows, Mac and Linux will be rolled out to the systems via the automatic update function in the next few days. However, you can also download this build here.