Update Chrome or risk remote takeover, US govt warns


New version contains 16 security fixes.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging users of Google Chrome to update their web browsers to address vulnerabilities that attackers could exploit to take control of computers.

Chrome Stable version 87.0.4280.141 is being rolled out for Microsoft Windows, Apple macOS and Linux distributions, and contains 16 security fixes, Google said.

Of these, 15 are rated as high severity, with the most serious vulnerabilities allowing for remote code execution in the privilege context that Chrome is running in.

The vulnerabilities include seven use-after-free memory corruption bugs, including one in the Blink rendering engine, and an out-of-bounds write vulnerability in the V8 JavaScript engine.

The V8 CVE-2020-15995 bug could be exploited via a specially crafted web page to cause memory heap corruption and was reported by Bohan Liu at Tencent's Security Xuanwu Lab last month.

While the awards for the V8 bug and the CVE-2021-21115 use-after-free bug in Safe Browsing are yet to be determined, Google paid out US$111,000 in bug bounties to other researchers who reported vulnerabilities in Chrome.

Copyright © iTnews.com.au. All rights reserved.