Security News > 2021 > May > Google Patches 19 Vulnerabilities With Chrome 90 Update
2021-05-11 11:53
Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.
In its advisory, Google made no mention of any of these vulnerabilities being exploited in live attacks.
Over the past couple of months the Internet search giant shipped patches for several zero-day vulnerabilities in the browser.
In March, Google released an urgent fix to address CVE-2021-21193, a zero-day for which an exploit had already been published.
In April, the company shipped patches for CVE-2021-21206 and CVE-2021-21220 and CVE-2021-21224.
In April, a proof-of-concept exploit for a Chromium vulnerability was published before patches were delivered to Chrome and Edge users.
News URL
Related news
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21206 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-16 | CVE-2021-21193 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |