Google has released a update for its Chrome browser on Windows, Mac, and Linux that brings a total of seven security fixes. The list of fixes include one for a zero-day vulnerability that was exploited in the wild. The updated Chrome browser will be rolled out over the coming days, Google said in an advisory. Users are recommended to install the update as early as it reaches their devices. The search giant also credited and rewarded external security researchers who reported the vulnerabilities.
The updated Chrome browser carries version 90.0.4430.85, according to the advisory released by Google through a blog post. The update is compatible with Windows, Mac, and Linux devices.
In terms of security fixes, Google has detailed five of the seven highly critical vulnerabilities that are addressed by the update. The first is recorded as CVE-2021-21222 that is a heap buffer overflow in the V8 JavaScript engine, while the second one is noted under CVE-2021-21223 and is an integer overflow in Mojo interface.
The third vulnerability that the updated Chrome browser brings is defined as CVE-2021-21224, and it’s a type confusion in the V8 engine. There are also the CVE-2021-21225 out-of-bounds memory access flaw in the V8 engine and the CVE-2021-21226 use-after-free in navigation.
Among the flaws that Google has fixed and detailed through its advisory, the CVE-2021-21224 was exploited in the wild. However, there aren’t any details whether the issue has affected any regular Chrome users. Information about the remaining security fixes was also not provided.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” the company said.
Users can manually look for the latest update on their Chrome by going to the About Chrome settings on their devices. The browser, however, gets updated automatically soon after its latest version is rolled out from the company side.
Why did LG give up on its smartphone business? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 22:00), we talk about the new co-op RPG shooter Outriders. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.
