Google on Wednesday released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The release contains seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
The zero-day, assigned the identifier CVE-2021-21224, was described as a “type confusion in V8”.
In an advisory penned by Chrome technical program manager Srinivas Sista, five vulnerabilities were detailed: CVE-2021-21222 heap buffer overflow in V8, CVE-2021-21223 integer overflow in Mojo, CVE-2021-21225 out of bounds memory access in V8, CVE-2021-21226 use after free in navigation, and CVE-2021-21224 type confusion in V8.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” he wrote.
The advisory thanked five researchers for their contributions and added that Google's own ongoing security work was responsible for a wide range of fixes.