Update Google Chrome Stable Channel Updates

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 90.0.4430.85 Stable Channel Update for Desktop:
The Stable channel has been updated to 90.0.4430.85 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30

[$TBD][1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02

[$TBD][1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05

[$TBD][1195977] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05

[$TBD][1197904] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that exploits for CVE-2021-21224 exist in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1200824] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 90.0.4430.93 Stable Channel Update for Desktop:
The Stable channel has been updated to 90.0.4430.93 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$15000][1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15
[$NA][1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05
[$TBD][1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair on 2021-02-26
[$5000][1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16
[$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12
[$TBD][1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13
[$NA][1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-04-13

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1202729] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 90.0.4430.212 Stable Channel Update for Desktop:
The Stable channel has been updated to 90.0.4430.212 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 19 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$3000][1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19
[$NA][1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14
[$TBD][1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02
[$TBD][1196309] High CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06
[$TBD][1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09
[$TBD][1197875] High CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg on 2021-04-10
[$TBD][1200019] High CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17
[$NA][1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19
[$TBD][1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20
[$TBD][1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21
[$TBD][1201446] High CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song on 2021-04-22
[$TBD][1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27
[$NA][1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28
[$15000][1194058] Medium CVE-2021-30519: Use after free in Payments. Reported by asnine on 2021-03-30
[$10000][1193362] Medium CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-03

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1207457] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.77 Stable Channel Update for Desktop:
The Chrome team is delighted to announce the promotion of Chrome 91 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 91.0.4472.77 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 91.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 32 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13
[$7500][1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09
[$7500][1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13
[$TBD][1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08
[$TBD][1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11
[$TBD][1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13
[$TBD][1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15
[$NA][1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06
[$7500][1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02
[$7500][1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21
[$5000][1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12
[$5000][1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18
[$5000][1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04
[$3000][1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20
[$1000][1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01
[$500][1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
[$15000][1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31
[$3000][830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
[$3000][1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11
[$1000][971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05
[$500][1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1213064] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Prudhvikumar Bommana

Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome now lets you run more commands via the address bar:
Google has added a new batch of Chrome Actions for early testing in the latest Google Chrome web browser releases before the feature's worldwide rollout later this year.

Chrome Actions is a recently introduced experimental Chrome feature that allows you to type in a command, causing an action to be displayed inline in the browser's address bar search results.

When clicked, the action will be automatically executed in the browser, helping you get more things done quicker and easier.

For instance, once you type 'delete history,' 'clear cache,' or 'wipe cookies' in the Chrome address bar, a 'Clear browsing data' action will appear as a search result styled as a button right under your query.

Google started progressively rolling out the first set of Chrome Actions (i.e., Clear Browsing Data, Manage Payment Methods, Open Incognito Window, Manage Passwords, Update Chrome, and Translate Page) in November with the release of Chrome 87.

Now, Google has added a new set of Chrome Actions, including:
  • Run Chrome safety check: Makes it simple for you to run a Chrome safety check, directly from the address bar. The safety check can help keep you safe from data breaches, bad extensions, and more (to use it, type “Chrome safety check” or “Run password checkup”)
  • Create doc: Makes it simple to create a new Google document, directly from the address bar. This saves time, so if you want to take notes or start an essay fast, you can do it quickly right from the address bar (to use it, type “New Google doc” or “Create Google doc”)
  • Manage Google Account: Makes it extra simple to control your Google Account, including personal info, payments and subscriptions, and more (to use it, type “Control my Google Account” or “Adjust my Google Account”)
How to enable Chrome Actions:

Google has already started rolling out this feature and has announced today that it will be launching in Chrome for all users later this year.

However, it is still an experimental feature hidden behind Chrome flags that need to be toggled on to enable it.

To turn on Chrome Actions in Google Chrome, you have to follow these steps:
  1. Go to chrome://flags in the Chrome address bar.
  2. Search for '#omnibox-pedals' and enable the 'Omnibox Pedals Default Icon Colored' and 'Omnibox Pedal batch 2' flags.
  3. After enabling both of them, relaunch the browser.
Once Google Chrome restarts, the Chrome Actions will automatically show up when you're typing the relevant terms into Chrome's address bar.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.101Stable Channel Update for Desktop:
The Stable channel has been updated to 91.0.4472.101 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$25000][1212618] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
[$20000][1201031] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
[$NA][1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
[$TBD][1210414] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
[$TBD][1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
[$TBD][1212498] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
[$TBD][1212500] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
[$NA][1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
[$TBD][1200679] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
[$TBD][1209769] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2021-30551 exists in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1218029] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Prudhvikumar Bommana
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.106 Stable Channel Update for Desktop:
The Stable channel has been updated to 91.0.4472.106 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvikumar Bommana
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.114 Stable Channel Update for Desktop:
The Stable channel has been updated to 91.0.4472.114 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15

[$10000][1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01

[$7500][1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24

[$10000][1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2021-30554 exists in the wild.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.123/.124 Stable Channel Update for Desktop:
The Stable channel has been updated to 91.0.4472.123/.124 for Windows which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvikumar Bommana
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 91.0.4472.164 Stable Channel Update for Desktop
The Stable channel has been updated to 91.0.4472.164 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain

restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers.

Please see the Chrome Security Pagfor more information.

[$7500][1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11

[$5000][1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31

[$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12

[$TBD][1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14

[$TBD][1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15

[$TBD][1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12

[$TBD][1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1229408] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 92.0.4515.107 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 92 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 92.0.4515.107 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 92.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 35 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$15000][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19

[$10000][1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26

[$10000][1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20

[$8500][1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15

[$500][1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11

[$TBD][1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03

[$TBD][1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28

[$TBD][1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - Free Online Vulnerability Scanner | S4E on 2021-06-06

[$TBD][1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08

[$15000][1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26

[$10000][1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01

[$10000][1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01

[$7500][1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21

[$7500][1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10

[$5000][1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17

[$5000][1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31

[$5000][1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05

[$3000][1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17

[$3000][1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26

[$N/A][1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11

[$TBD][1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21

[$N/A][1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

[$5000][1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04

[$3000][1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1231294] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Faster and more efficient phishing detection in M92
Keeping Chrome users safe as they browse the web is crucially important to Chrome; in fact, security has always been one of our four core principles. In some cases, security can come at the expense of performance. In our next post in The Fast and the Curious series, we are excited to share how improvements to our phishing detection algorithms keeps users safe online. With these improvements, phishing detection is now 50 times faster and drains less battery.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 92.0.4515.131 Stable Channel Update for Desktop
The Stable channel has been updated to 92.0.4515.131 for Windows, Mac and Linux which will roll out over the coming days/weeks

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1227777] High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09
[$20000][1229298] High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14
[$10000][1209469] High CVE-2021-30592: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-15
[$5000][1209616] High CVE-2021-30593: Out of bounds read in Tab Strip. Reported by David Erceg on 2021-05-16
[$N/A][1218468] High CVE-2021-30594: Use after free in Page Info UI. Reported by raven (@raid_akame) on 2021-06-10
[$1000][1214481] Medium CVE-2021-30596: Incorrect security UI in Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29
[$TBD][1232617] Medium CVE-2021-30597: Use after free in Browser UI. Reported by raven (@raid_akame) on 2021-07-24

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties.

Researchers Leecraso and Guang Gong of the 360 Alpha Lab team at Chinese cybersecurity firm Qihoo 360 have earned $20,000 for a high-severity vulnerability tracked as CVE-2021-30590. Google described the issue as a heap buffer overflow in Bookmarks.

Leecraso told SecurityWeek that CVE-2021-30590 is a sandbox escape vulnerability that can be “exploited in combination with an extension or a compromised renderer.” An attacker can leverage the flaw to achieve remote code execution outside Chrome’s sandbox.

A high severity rating has also been assigned to two vulnerabilities reported by researcher David Erceg. CVE-2021-30592, described by Google as an out-of-bounds write issue in Tab Groups, earned him $10,000, while CVE-2021-30593, described as an out-of-bounds read bug in Tab Strips, earned him a $5,000 bug bounty.

“CVE-2021-30592 would require a malicious extension to be installed,” Erceg told SecurityWeek. “Since the vulnerability involves an out of bounds write, it could potentially be used to escape the browser's sandbox. And exploiting it wouldn't require anything but the user to install the extension.”

“As for CVE-2021-30593,” he added, “it would be easier to trigger with an extension, though a web page could trigger the behavior under some more restricted circumstances. The impact is similar to CVE-2021-30592, in that an attacker could potentially escape the sandbox if they could set up memory in the appropriate way before the out of bounds read occurs. This issue could also be exploited on its own, but it does require some more specific interaction from the user.”

These were not the first extension-related Chrome vulnerabilities reported by Erceg to Google.

Another high-severity vulnerability for which Google paid out $20,000 is CVE-2021-30591, a use-after-free bug in the File System API. This issue was discovered by researcher SorryMybad from Kunlun Lab.

It’s worth noting that Google pays out up to $20,000 for Chrome sandbox escape vulnerabilities described in a high-quality report. Researchers can earn up to $30,000 for such flaws if they also provide a functional exploit.

It’s important that users update Chrome as soon as possible, considering that the web browser appears to be increasingly targeted in malicious attacks.
Google this year patched more than half a dozen actively exploited zero-day flaws.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 92.0.4515.159 Stable Channel Update for Desktop
The Stable channel has been updated to 92.0.4515.159 for Windows, Mac and Linux which will roll out over the coming days/weeks

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$21000][1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30

[$21000][1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30

[$20000][1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20

[$20000][1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28

[$TBD][1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-07-19

[$NA][1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27

[$TBD][1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1240159] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Srinivas Sista
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 93.0.4577.63 Stable Channel Update for Desktop:
The Chrome team is delighted to announce the promotion of Chrome 93 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 93.0.4577.63 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 93.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$10000][1235949] High CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03

[$7500][1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15

[$5000][1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13

[$N/A][1200440] High CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi on 2021-04-19

[$20000][1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$20000][1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29

[$15000][1209622] Medium CVE-2021-30613: Use after free in Base internals. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16

[$10000][1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10

[$5000][1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12

[$5000][1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21

[$3000][1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07

[$3000][1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23

[$3000][1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02

[$NA][1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20

[$NA][1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

[$NA][1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28

[$10000][1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25

[$TBD][1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 93.0.4577.82 Stable Channel Update for Desktop
The Stable channel has been updated to 93.0.4577.82 for Windows, Mac and Linux which will roll out over the coming days/weeks

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7500][1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
[$7500][1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
[$5000][1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
[$TBD][1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
[$TBD][1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26
[$TBD][1244568] High CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
[$TBD][1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
[$TBD][1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
[$TBD][1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
[1249027] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Prudhvikumar Bommana
Google Chrome
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google patches 10th Chrome zero-day exploited in the wild this year:
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild.

"Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild," the company revealed in the release notes for the new Chrome version.

The update is currently rolling out worldwide in the Stable desktop channel, and Google states it will become available to everyone over the next few days.

The update was available immediately when BleepingComputer performed a manual check for new updates (Chrome menu > Help > About Google Chrome).

Google Chrome will also automatically check for new updates the next time you restart the browser.

Tenth zero-day fixed in 2021

The two zero-day vulnerabilities fixed today were disclosed to Google on September 8th, 2021, and are both memory bugs.

The CVE-2021-30632 is an out-of-bounds write in the V8 JavaScript engine, and the CVE-2021-30633 bug is a use-after-free bug in the Indexed DB API.

While these bugs often lead to browser crashes, threat actors can sometimes exploit them to perform remote code execution, sandbox escapes, and other malicious behavior.

While Google has disclosed that both bugs have been exploited in the wild, they have not shared further information regarding the attacks.

With these two vulnerabilities, Google has now patched a total of ten zero-day vulnerabilities in Chrome in 2021.

Other vulnerabilities fixed this year are:
As these vulnerabilities are known to have been exploited in the wild, it is strongly advised that all Google Chrome update to the latest version immediately.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 94.0.4606.54 Stable Channel Update for Desktop:
The Chrome team is delighted to announce the promotion of Chrome 94 to the stable channel for Windows, Mac and Linux.Chrome 94 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 94.0.4606.54 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 94.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 19 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$15000][1243117] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24

[$7500][1242269] High CVE-2021-37957 : Use after free in WebGPU. Reported by Looben Yang on 2021-08-23

[$3000][1223290] High CVE-2021-37958 : Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24

[$1000][1229625] High CVE-2021-37959 : Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15

[$TBD][1247196] High CVE-2021-37960 : Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07

[$10000][1228557] Medium CVE-2021-37961 : Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13

[$10000][1231933] Medium CVE-2021-37962 : Use after free in Performance Manager. Reported by Sri on 2021-07-22

[$3000][1199865] Medium CVE-2021-37963 : Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O’Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16

[$3000][1203612] Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28

[$3000][1239709] Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13

[$TBD][1238944] Medium CVE-2021-37966 : Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11

[$TBD][1243622] Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26

[$TBD][1245053] Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30

[$TBD][1245879] Medium CVE-2021-37969 : Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02

[$TBD][1248030] Medium CVE-2021-37970 : Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09

[$1000][1219354] Low CVE-2021-37971 : Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13

[$TBD][1234259] Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,241
41,343
Google Chrome 94.0.4606.61 Stable Channel Update for Desktop:
The Stable channel has been updated to 94.0.4606.61 for Windows, Mac and Linux which will roll out over the coming days/weeks

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2021-37973 exists in the wild.
 
Top