Google Chrome 91.0.4472.164 fixes 0-day vulnerability

[German]Google has released Google Chrome 91.0.4472.164 for Windows, Mac and Linux on July 15, 2021. It is a security update that fixes 7 vulnerabilities in older browser versions at once. The browser should be patched quickly, as a 0-day vulnerability CVE-2021-30563, rated as high, is already being exploited in the wild.


Advertising

The Google blog has this post with a list of vulnerabilities closed in Chrome 91.0.4472.164 for the desktop. Here are some highlighted vulnerabilities that have been fixed. 

  • [$7500][1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11
  • [$5000][1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31
  • [$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12
  • [$TBD][1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14
  • [$TBD][1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15
  • [$TBD][1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12
  • [$TBD][1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

Additional issues were tracked down and fixed internally through audits and fuzzing. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. However, you can also download this build here. (via)


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in browser, Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.