Google has released the stable version of Google Chrome 94.0.4606.54 for Windows, Mac and Linux on September 21, 2021. It is a security update that closes 19 vulnerabilities. Here's a quick overview of what to expect from the update.
This update is the first version to be included in the new extended stable channel for Windows and Mac. In the extended stable channel (see explanations), a new milestone is rolled out every 8 weeks. Also, according to this post, Google has started to use certain measures in the Chrome code to increase security.
The Google blog has this post with a list of the 19 vulnerabilities closed in Chrome 94.0.4606.54 for desktop. Here are some highlighted vulnerabilities that have been fixed.
- [$15000] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24
- [$7500] High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23
- [$3000] High CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24
- [$1000] High CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15
- [$TBD] High CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07
- [$10000] Medium CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13
- [$10000] Medium CVE-2021-37962: Use after free in Performance Manager. Reported by Sri on 2021-07-22
- [$3000] Medium CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O'Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16
- [$3000] Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28
- [$3000] Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13
- [$TBD] Medium CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
- [$TBD] Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26
- [$TBD] Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30
- [$TBD] Medium CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02
- [$TBD] Medium CVE-2021-37970: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09
- [$1000] Low CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13
- [$TBD] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29
Additional issues were tracked down and fixed internally through audits and fuzzing. The Chrome version for Windows, Mac and Linux will be rolled out to the systems via automatic update in the next few days. The latest build of the Chrome browser can also be downloaded here.