Google recently released an update that includes seven security fixes including one for the zero-day vulnerability exploited in the wild. The recently released version 90.0.4430.85 of the Chrome browser will be available for Windows, Mac, and Linux. In an advisory penned by Chrome technical program manager Srinivas Sista, he thanked five researchers for their contributions while also adding that its ongoing security work was responsible for a wide range of fixes.
Srinivas Sista also detailed five vulnerabilities which include:
- CVE-2021-21223 integer overflow in Mojo,
- CVE-2021-21222 heap buffer overflow in V8,
- CVE-2021-21225 out of bounds memory access in V8,
- CVE-2021-21226 use after free in navigation, and
- CVE-2021-21224 type confusion in V8
He further disclosed, “Google is aware of reports that exploits for CVE-2021-21224 exist in the wild”. Going forward, starting with Chrome 90, users will automatically be directed to the secure version of any website.
For more information, read the original story in ZDNET