As with many other software applications that receive ongoing, regular updates, Google’s Chrome browser is no stranger to security issues and vulnerabilities. That said, this is exactly why it is important to keep your software up to date at all times. In the past week, Google has rolled out two incremental updates to Chrome 94 that included three known exploits confirmed in the wild. So, before we go any further, you should head to the Chrome settings menu and check for an update.

The latest version of the desktop Chrome browser for Windows, Linux, and macOS is. If you aren’t on that version, you’ll want to update as soon as possible. Last week’s update contained one high-level vulnerability while this week’s update contains four bug fixes. Two of these have been confirmed by Google as having zero-day exploits in the wild, which means that someone has actively attempted to attack a system using the weakness in the software. Below you can find the list of patches rolled out in this version. The first of these netted the Codesafe Team a bug bounty of $20,000 for reporting the issue to the Chrome team.

High CVE-2021-37974: Use after free in Safe Browsing.
Reported by Weipeng Jiang from Codesafe Team of Legendsec at Qi’anxin Group on
Medium CVE-2021-37976: Information leak in core.
Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on
Various fixes from internal audits, fuzzing and other initiatives.