Chrome 95.0.4638.54

Google released Chrome 95.0.4638.54 for Windows, Mac and Linux on October 19, 2021. It is a security update that closes vulnerabilities rated as high. Here is a brief overview.


The Google blog has a post with a brief description of the vulnerabilities closed in Chrome 95.0.4638.54 for desktop.

  • [$20000][1246631] High CVE-2021-37981 : Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
  • [$10000][1248661] High CVE-2021-37982 : Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11
  • [$10000][1249810] High CVE-2021-37983 : Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15
  • [$7500][1253399] High CVE-2021-37984 : Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint on 2021-09-27
  • [$5000][1241860] High CVE-2021-37985 : Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
  • [$6000][1242404] Medium CVE-2021-37986 : Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23
  • [$5000][1206928] Medium CVE-2021-37987 : Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
  • [$5000][1228248] Medium CVE-2021-37988 : Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12
  • [$2000][1233067] Medium CVE-2021-37989 : Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
  • [$N/A][1247395] Medium CVE-2021-37990 : Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07
  • [$TBD][1250660] Medium CVE-2021-37991 : Race in V8. Reported by Samuel Groß of Google Project Zero on 2021-09-17
  • [$TBD][1253746] Medium CVE-2021-37992 : Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28
  • [$TBD][1255332] Medium CVE-2021-37993 : Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
  • [$TBD][1243020] Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24
  • [$3000][1100761] Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30
  • [$1000][1242315] Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23

However, no details about the vulnerabilities will be published until the majority of users have switched over to the new version. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update function over the next few days. The current build of the Chrome browser can also be downloaded here.
