Google has released Google Chrome 91.0.4472.101 for Windows, Mac and Linux on June 9, 2021. It is a security update that fixes 14 vulnerabilities in older browser versions at once. The browser should be patched quickly, as the 0-day vulnerability CVE-2021-30551 is already being exploited in the wild.
The Google blog has this post with a list of vulnerabilities closed in Chrome 91.0.4472.101 for the desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$25000] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
- [$20000] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
- [$NA] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
- [$TBD] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
- [$TBD] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
- [$TBD] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
- [$TBD] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
- [$NA] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
- [$TBD] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
- [$TBD] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17
One vulnerability is classified as critical; other vulnerabilities are classified as high. Further problems were found and fixed internally through audits and fuzzing. An overview of the features can be found here. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature over the next few days. However, you can also download this build here.