Google issues Chrome update patching seven security vulnerabilities

Google on Wednesday released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The release contains seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.

The zero-day, which was assigned the identifier of CVE-2021-21224, was described as a “type confusion in V8”.

In an advisory penned by Chrome technical program manager Srinivas Sista, five vulnerabilities were detailed: CVE-2021-21222 heap buffer overflow in V8, CVE-2021-21223 integer overflow in Mojo, CVE-2021-21225 out of bounds memory access in V8, CVE-2021-21226 use after free in navigation, and CVE-2021-21224 type confusion in V8.

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” he wrote.

The advisory thanked five researchers for their contributions and added that its own ongoing security work was responsible for a wide range of fixes.

By ZDNet Source Link

LEAVE A REPLY

Please enter your comment!
Please enter your name here