[German]Google has released a security update of Google Chrome 95.0.4638.69 for Windows, Mac and Linux on October 28, 2021. It is a security update that closes vulnerabilities rated as high. Here's a brief overview.
Advertising
The Google blog has this post with the brief description of the vulnerabilities closed in Chrome 95.0.4638.54 for desktop.
- [$10000][1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
- [$7500][1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13
- [$1000][1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
- [$N/A][1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
- [$N/A][1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
- [$N/A][1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup on 2021-10-16
- [$TBD][1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26
Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild. However, details about the vulnerability will not be released until the majority of users have switched over. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. The current build of the Chrome browser can also be downloaded here. (via)
Advertising
