Google has released Chrome 90 security update (90.0.4430.212) for Windows, Mac and Linux with fixes for 19 vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of the Chrome security update, Google patched 19 vulnerabilities in all, 13 of those rated High severity.
The 13 High severity vulnerabilities patched and discovered by external researchers include:
- CVE-2021-30506: Incorrect security UI in Web App Installs.
- CVE-2021-30507: Inappropriate implementation in Offline.
- CVE-2021-30508: Heap buffer overflow in Media Feeds.
- CVE-2021-30509: Out of bounds write in Tab Strip.
- CVE-2021-30510: Race in Aura.
- CVE-2021-30511: Out of bounds read in Tab Groups.
- CVE-2021-30512: Use after free in Notifications.
- CVE-2021-30513: Type Confusion in V8.
- CVE-2021-30514: Use after free in Autofill.
- CVE-2021-30515: Use after free in File API.
- CVE-2021-30516: Heap buffer overflow in History.
- CVE-2021-30517: Type Confusion in V8.
- CVE-2021-30518: Heap buffer overflow in Reader Mode.
Moreover, the update addressed two Medium severity flaws. None of the listed vulnerabilities had known public exploits at the time of the Google advisory.
Finally, Google also released Chrome 90 (90.0.4430.210) for Android.
- Google releases Chrome security update (90.0.4430.93)
- Chrome security update fixes zero-day (CVE-2021-21224) and 6 other vulnerabilities
- Chrome security update (89.0.4389.90) fixes zero-day exploited in the wild (CVE-2021-21193)
- Google patches Chrome zero-day (CVE-2021-21166) exploited in the wild
- Google patches Chrome zero-day (CVE-2021-21148) exploited in the wild