Security News > 2021 > May > Google Patches 19 Vulnerabilities With Chrome 90 Update
2021-05-11 11:53
Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.
In its advisory, Google made no mention of any of these vulnerabilities being exploited in live attacks.
Over the past couple of months the Internet search giant shipped patches for several zero-day vulnerabilities in the browser.
In March, Google released an urgent fix to address CVE-2021-21193, a zero-day for which an exploit had already been published.
In April, the company shipped patches for CVE-2021-21206 and CVE-2021-21220 and CVE-2021-21224.
In April, a proof-of-concept exploit for a Chromium vulnerability was published before patches were delivered to Chrome and Edge users.
News URL
Related news
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21206 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |