The stable version of the Chrome browser for macOS, Windows and Linux was launched yesterday, Monday 92.0.4515.131 raised. The development team has fixed ten security problems with ratings from “Medium” to “High” in the new version. As usual, the update is to be distributed to the browser installations in the coming days and weeks; if the auto-update is activated, this happens automatically.
Googles Advisory zu Chrome 92.0.4515.131 explicitly mentions only those security flaws that were uncovered by external security researchers. As usual, detailed gap descriptions are missing; to prevent attacks, they only follow when most users have received the update. At least one can see from the advisory that the gaps with a “high” classification, the bookmark functionality of the browser (CVE-2021-30590, Heap Buffer Overflow), the FileSystem-API (CVE-2021-30591, Use after free) , the tab functions Strip and Groups (CVE-2021-30592 & CVE-2021-30593, Out of bounds read / write) and the interface for displaying page information (CVE-2021-30594, Use after free).
Incidentally, Microsoft’s Chromium-based Edge has not yet received the latest bug fixes: According to the “Release Notes for Microsoft Edge Security Updates” the browser was last supplied with security updates on July 22nd.
(ovw)
