Briefly informed: Google has updated its Chrome browser to version 89.0.4389.114. In addition to some problems that are recorded in the log report, 8 other security vulnerabilities have been closed.
All 8 security vulnerabilities were classified as "high". As always, the individual descriptions of the security vulnerabilities are only released after some time, when most browsers have been updated. The other Chromium browsers, such as Microsoft Edge, will follow suit as always.
Info and download:
- chromereleases.googleblog.com
- Download of the individual versions: chromium.org/
Bugs Fixed
[$20000][1181228] High CVE-2021-21194: Use after free in the screen capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23
[$15000][1182647] High CVE-2021-21195: Use after free in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26
[$10000][1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-02-08
[$TBD][1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03
[$TBD][1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand of Google Project Zero on 2021-03-03
[$7500][1179635] High CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras
[1193827] Various fixes from internal audits, fuzzing and other initiatives
0 Comments