Overview
Google has announced a new update to patch for 27 vulnerabilities that exist in Chrome browser. To defend against possible attacks due to these vulnerabilities, Google Chrome for Windows, Mac and Linux needs to be updated to the stable version 93.0.4577.63.
Description
Google has released a new version (93.0.4577.63) for Chrome for Windows, Mac and Linux to patch for a total of 27 new security vulnerabilities. So far, Google has disclosed limited information, such as CVE identifiers and vulnerability types, on the recently discovered vulnerabilities.
19 of these vulnerabilities have been reported by the external security researchers. 5 of these vulnerabilities are rated as “High” in severity while 12 of them have “Medium” severity rating. Currently, Google disclosed no information about the remaining 8 vulnerabilities that have been discovered in-house.
- CVE-2021-30606: Use After Free in Blink. Severity: High
- CVE-2021-30607: Use After Free in Permissions. Severity: High
- CVE-2021-30608: Use After Free in Web Share. Severity: High
- CVE-2021-30609: Use After Free in Sign-In. Severity: High
- CVE-2021-30610: Use After Free in Extensions API. Severity: High
- CVE-2021-30611: Use After Free in WebRTC. Severity: Medium
- CVE-2021-30612: Use After Free in WebRTC. Severity: Medium
- CVE-2021-30613: Use After Free in Base internals. Severity: Medium
- CVE-2021-30614: Heap Buffer Overflow in TabStrip. Severity: Medium
- CVE-2021-30615: Cross-Origin Data Leak in Navigation. Severity: Medium
- CVE-2021-30616: Use After Free in Media. Severity: Medium
- CVE-2021-30617: Policy Bypass in Blink. Severity: Medium
- CVE-2021-30618: Inappropriate Implementation in DevTools. Severity: Medium
- CVE-2021-30619: UI Spoofing in Autofill. Severity: Medium
- CVE-2021-30620: Insufficient Policy Enforcement in Blink. Severity: Medium
- CVE-2021-30621: UI Spoofing in Autofill. Severity: Medium
- CVE-2021-30622: Use After Free in WebApp Installs. Severity: Medium
- CVE-2021-30623: Use After Free in Bookmarks. Severity: Low
- CVE-2021-30624: Use After Free in Autofill. Severity: Low
Google additionally shared the names of the tools for detecting these vulnerabilities. Following are a list of the tools used by Google for bug discovery:
Solution (Update)
To defend against possible attacks due to these vulnerabilities, Google Chrome needs to be updated to the stable version 93.0.4577.63.
Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, you can click More (Three vertical dots) on the top right of the Chrome browser.
This will surprise some of your readers, but my primary interest is not with computer security. I am primarily interested in writing software that works as intended.
Wietse Venema
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
References to Advisories, Solutions and Tools
To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?
