Google announced on Friday (12) the release of yet another emergency security update to fix zero-day vulnerabilities found in its browser, Google Chrome. This is the fifth emergency update released this year.
The update is available for browser users on Windows, macOS and Linux and fixes five zero-day vulnerabilities recently discovered by external researchers. It was not disclosed whether the vulnerabilities were previously exploited.
According to Prudhvikumar Bommana, technical program manager for Google Chrome, three of the five vulnerabilities have a “high risk” severity, the most serious level of severity set by Google. They are:
- CVE-2021-21191, which involves the WebRTC API, reported by @raid_akame in January this year;
- CVE-2021-21192, which involves a buffer overflow in groups of tabs, reported by Abdulrahman Alqabandi in February this year;
- CVE-2021-21193, which involves the Blink rendering engine, reported anonymously in March this year.
“This update (version 89.0.4389.90) includes 5 security fixes […] Security bugs have been detected using [the tools] AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer and AFL,” writes Bommana in a post on the browser's blog.
On Twitter, the user @raid_akame, who found the vulnerability in the WebRTC API (CVE-2021-21191), complains that he did not receive any reward for finding the flaw.
Several chrome render uaf and no bug bounty, so sad ..
– raven (@raid_akame) January 14, 2021
The update is being rolled out to browser users automatically. However, if you need to update manually, the patch is available via the link.
Source: Google.
See the original post at: https://thehack.com.br/google-chrome-corrige-5-vulnerabilidades-zero-day-em-atualizacao-de-emergencia/?rand=48873