Google Chrome 91.0.4472.77 with security fixes

Google released Google Chrome 91.0.4472.77 on May 25, 2021. It is a security update that fixes 32 vulnerabilities in older browser versions at once.


The Google blog has a post with a list of the vulnerabilities closed in Chrome 91.0.4472.77 for desktop. Here are some highlighted vulnerabilities that have been fixed:

  • [$20000][1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13
  • [$7500][1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09
  • [$7500][1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13
  • [$TBD][1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08
  • [$TBD][1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11
  • [$TBD][1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13
  • [$TBD][1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15
  • [$NA][1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06
  • [$7500][1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02
  • [$7500][1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21
  • [$5000][1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12
  • [$5000][1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18
  • [$5000][1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04
  • [$3000][1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20
  • [$1000][1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01
  • [$500][1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
  • [$15000][1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31
  • [$3000][830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
  • [$3000][1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11
  • [$1000][971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05
  • [$500][1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03

Some vulnerabilities have been given a High rating. Further problems were found and fixed internally through audits and fuzzing. An overview of the features can be found here. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. However, you can also download this build here.



2 Responses to Google Chrome 91.0.4472.77 with security fixes

  1. chalifoux denise says:

    Outlook no longer lets me send e-mails, having been replaced by live.com.
    What action should I take to correct this problem?

    • guenni says:

      Try to register the Microsoft Outlook application as the default e-mail client. There should be a setting for the default email app within the control panel. With MS Outlook you can also try the hints given here or probably better here for Outlook from Office 365.
