[German]Google has released the stable version of Google Chrome 93.0.4577.82 for Windows, Mac and Linux on September 13, 2021. It is a security update that closes 0-day vulnerabilities. Some vulnerabilities are already being exploited. Here’s a brief overview of what to expect from the update.
- [$7500] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
- [$7500] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
- [$5000] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
- [$TBD] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
- [$TBD] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-26
- [$TBD] High CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
- [$TBD] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
- [$TBD] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
- [$TBD] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08
Other issues have been tracked down and fixed internally through audits and fuzzing. Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild. The Chrome build for Windows, Mac and Linux will be rolled out to systems via the automatic update feature over the next few days. The latest build of the Chrome browser can also be downloaded here.
Cookies helps to fund this blog: Cookie settings