Google Chrome 90.0.4430.93 with security fixes

[German]Google has released Google Chrome 90.0.4430.93 as of April 26, 2021. It is a security update that fixes 9 vulnerabilities in older browser versions. 


Advertising

The Google blog has this post with a list of vulnerabilities closed in Chrome 90.0.4430.93 for desktop. Here are some highlighted vulnerabilities that have been fixed. 

  • [$15000][1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15
  • [$NA][1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05
  • [$TBD][1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair on 2021-02-26
  • [$5000][1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16
  • [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12
  • [$TBD][1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13
  • [$NA][1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-04-13

Some vulnerabilities have been given a High rating. Other issues have been tracked down and fixed internally through audits and fuzzing. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. However, you can also download this build here. (via)


Advertising

This entry was posted in browser, Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).