Security News > 2021 > May > Google Patches 19 Vulnerabilities With Chrome 90 Update
2021-05-11 11:53
Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.
In its advisory, Google made no mention of any of these vulnerabilities being exploited in live attacks.
Over the past couple of months the Internet search giant shipped patches for several zero-day vulnerabilities in the browser.
In March, Google released an urgent fix to address CVE-2021-21193, a zero-day for which an exploit had already been published.
In April, the company shipped patches for CVE-2021-21206 and CVE-2021-21220 and CVE-2021-21224.
In April, a proof-of-concept exploit for a Chromium vulnerability was published before patches were delivered to Chrome and Edge users.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21206 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |