Chrome 96.0.4664.45

[German]Google has released an update to Google Chrome 96.0.4664.45for Windows, Mac and Linux (and Android) on November 15, 2021. It is a new development branch, but which also closes some vulnerabilities. Here's a brief overview.


The Google blog has this post with the brief description of the vulnerabilities closed in Chrome 96.0.4664.45 for desktop.

  • [$7500][1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29
  • [$7500][1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26
  • [$2000][1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
  • [$TBD][1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17
  • [$TBD][1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18
  • [$TBD][1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28
  • [$TBD][1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09
  • [$15000][1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24
  • [$10000][1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23
  • [$5000][1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
  • [$3000][957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29
  • [$3000][1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer  on 2021-08-28
  • [$2500][1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05
  • [$2000][1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11
  • [$1000][1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20
  • [$1000][1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13
  • [$500][1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27
  • [$TBD][1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13

However, no details about the vulnerability will be published until the majority of users have switched over. The Chrome version for Windows, Mac and Linux will be rolled out to the systems via the automatic update function in the next few days. The current build of the Chrome browser can also be downloaded here. (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in browser, Security, Software, Update and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *