Update: Google Chrome 91.0.4472.114 fixes 0-day vulnerability

Google released Google Chrome 91.0.4472.114 for Windows, Mac and Linux on June 17, 2021. It is a security update that fixes four vulnerabilities present in older browser versions. The browser should be patched quickly, because the 0-day vulnerability CVE-2021-30554, which is rated high, is already being exploited in the wild.



A post on the Google blog lists the vulnerabilities closed in Chrome 91.0.4472.114 for the desktop. Here are the highlighted vulnerabilities that have been fixed:

  • [$TBD][1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15
  • [$10000][1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01
  • [$7500][1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
  • [$10000][1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

All four vulnerabilities are rated high, and the use-after-free vulnerability CVE-2021-30554 in WebGL is being exploited in the wild (already the seventh 0-day in 2021). Other issues have been tracked down and fixed internally through auditing and fuzzing. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature over the next few days. However, you can also download this build here.

