Advertisement

Chrome 93.0.4577.82 fixes several 0-day vulnerabilities

Google has updated the Stable channel of the Chrome browser to version 93.0.4577.82 for Windows, Mac and Linux. The update will roll out over the coming days/weeks. There are 11 security fixes, including two for which exploits are already available.

Google Chrome Banner

The company has not yet disclosed the details. It is only known that the first vulnerability (CVE-2021-30632) is caused by an out-of-buffer write in the V8 JavaScript engine. The second problem (CVE-2021-30633) is present in the Indexed DB API implementation and is related to the call to the memory area after free (use after free).

The official announcement lists the following patches, which were submitted by third-party researchers.

  • CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
  • CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
  • CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
  • CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
  • CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26
  • CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
  •  CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
  • CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
  • CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

All of the above vulnerabilities are of HIGH severity. No critical issues were found that could be used to bypass all browser security levels and execute code on the target system outside of the sandbox environment.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisеment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.