Google Chrome 92 – Critical security issues fixed

The stable version of the Chrome browser for macOS, Windows and Linux was raised to 92.0.4515.131 yesterday, Monday. The development team has fixed ten security problems with ratings from “Medium” to “High” in the new version. As usual, the update is to be distributed to the browser installations in the coming days and weeks; if the auto-update is activated, this happens automatically. Google’s Advisory for Chrome 92.0.4515.131 only explicitly names those security holes that have been uncovered by external security researchers. As usual, detailed gap descriptions are missing; to prevent attacks, they only follow when most users have received the update. At least one can see from the advisory that the gaps with a “high” classification, the bookmark functionality of the browser (CVE-2021-30590, Heap Buffer Overflow), the FileSystem-API (CVE-2021-30591, Use after free) , the tab functions Strip and Groups (CVE-2021-30592 & CVE-2021-30593, Out of bounds read / write) and the interface for displaying page information (CVE-2021-30594, Use after free). Microsoft’s Chromium-based Edge has not yet received the latest bug fixes: According to the “Release Notes for Microsoft Edge Security Updates”, the browser was last provided with security updates on July 22nd.

Source: Heise