Google has released a new version of Chrome for Windows, Mac and Linux with corrections for two recently discovered vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220.
Google confirmed that the fix was specifically related to this issue, and also explained that the vulnerability occurred due to incorrect validation of untrusted input data in V8 for x86-64.
I wonder what Agarwal told the publication The Hacker News, that there is another vulnerability fixed in the latest V8, for which the patch was not included in the updated version of Chrome.
“While both problems are different in nature, both can be used to execute arbitrary code during rendering. I suspect that the first patch was included in the Chrome update due to the published [мной] exploit, but since the second patch was not included in this version of Chrome, [уязвимость] can still be used, ”says the specialist.
The second vulnerability fixed in the Google browser (CVE-2021-21220) is of the use-after-free type and was found in the Blink engine. It is known that an anonymous researcher notified the company about it on April 7.
ProApk on Telegram – https://t.me/proapk_in
ProApk on Google News – https://news.google.com/publications/CAAqBwgKMP_S9AowhYDbAg
ProApk on Twitter – https://twitter.com/xdapirates
ProApk on Facebook – https://facebook.com/www.proapk.in