Chrome 96.0.4664.110: Patches critical vulnerability used in the wild

[German]Google has released an update to Google Chrome 96.0.4664.110 for Windows, Mac and Linux (and version 96.0.4664.104 for Android) as of December 13, 2021. It is a security update that closes a critical and exploited vulnerability. Here's a quick overview.


Advertising

The Google blog has this post with the brief description of the vulnerabilities closed in Chrome 96.0.4664.110 for desktop.

  • [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
  • [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
  • [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
  • [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair  on 2021-10-21
  • [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild. However, details about vulnerabilities will not be published until the majority of users have switched over. The Chrome version for Windows, Mac and Linux will be rolled out to systems via the automatic update feature in the next few days. The current build of the Chrome browser can also be downloaded here. (via)


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in browser, Security, Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *