Sagar

New version of Google Chrome removes 16 security vulnerability

Google Chrome removes 16 security

Jan 13 2021

Warning by US govt: update Chrome or risk remote takeover of your computer.

The new version of Google Chrome removes 16 security vulnerabilities.

The United States Cyber and Infrastructure Security Agency (CISA) has warned users of Chrome browser of the most serious vulnerabilities allowing for remote code execution that could be exploited by attackers to take control of computers.

It has issued an alert to the users to update Chrome to address this vulnerability.

Chrome Stable version 87.0.4280.141 is being set rolling for Microsoft Windows, Apple macOS, and Linux, and contains 16 security fixes, Google said.

The most serious vulnerabilities allowing for remote code execution in the privileged context that Chrome is running in addition to other 15 rated as high severity.

Seven use-after-free memory corruption bugs, including one in the Blink rendering engine, and an out-of-bounds-write vulnerability in the V8 Javascript engine are other major ones.

Another vulnerability is the V8 CVE-2020-15995 bug which can be exploited via a specially crafted web page to cause memory heap corruption as reported by Bohan Liu at Tencent's Security Xuanwu Lab last month.

Google has rewarded US$111,000 in bug bounties to other researchers reporting such vulnerabilities in Chrome. Prizes for the V8 and the CVE-2021-21115 in the use-after-free category in Safe Browsing bugs are yet to be determined.