Security News > 2021 > May > Google Patches 19 Vulnerabilities With Chrome 90 Update
2021-05-11 11:53
Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.
In its advisory, Google made no mention of any of these vulnerabilities being exploited in live attacks.
Over the past couple of months the Internet search giant shipped patches for several zero-day vulnerabilities in the browser.
In March, Google released an urgent fix to address CVE-2021-21193, a zero-day for which an exploit had already been published.
In April, the company shipped patches for CVE-2021-21206 and CVE-2021-21220 and CVE-2021-21224.
In April, a proof-of-concept exploit for a Chromium vulnerability was published before patches were delivered to Chrome and Edge users.
News URL
Related news
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21206 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |