Google Releases Chrome Update Fixes Seven Security Flaws

Image: Getty Images.

Google on Wednesday released version 90.0.4430.85 of the Chrome browser for Windows, Mac and Linux. This release contains seven security fixes, including one for an actively exploited zero-day vulnerability.

The zero-day vulnerability, which received the identifier CVE-2021-21224, has been described as a “type of confusion in V8”.

Srinivas Sista, Chrome Tech Program Manager, detailed five of the other vulnerabilities in an advisory: CVE-2021-21222 is a heap buffer overflow in V8, CVE-2021-21223 is an integer overflow in Mojo, CVE-2021-21225 has out-of-bounds memory access in V8, CVE-2021-21226 has release use in navigation, and CVE-2021-21224 has “confusion type” in V8.

“Google is aware of investigations reporting that the CVE-2021-21224 vulnerability has been exploited,” he warns.

The advisory thanks five researchers for their contributions and adds that its own ongoing security work has led to a wide range of fixes.

Source: .com

Back to top button